This will work for all unlocked Nexus Ones in the UK and also T-Mobile Nexus Ones in the US. If you are in the US with an AT&T Nexus One, follow the extra instructions below to install “ERE27″ first.

10 Steps

1. Download file from the following link:

http://bit.ly/9GO4hL

or from Google

http://android.clients.google.com/packages/passion/signed-passion-FRF50-from-ERE27.1e519a24.zip

If you are an AT&T user download and install ERE27 from this link:

https://android.clients.google.com/packages/passion/signed-passion-FRF50-from-ERE27.1e519a24.zip

2. Rename the file to update.zip – Make sure that you do not name it .zip.zip. If you are using Windows ensure ”show file extensions” are turned on to check this.

4. Copy the update.zip file onto the root of your microSD card (not in any folders)

5. Turn off your Nexus One, then with your Nexus One turned off, hold down the trackball and press the power button.

6. You’ll be booted into a white screen with three Android robots on skateboards. Select “Bootloader.”

7. On the next screen, select “Recovery.”

8. Your phone will reboot, giving you a picture of the Android robot and an exclamation point inside a triangle.

9. Now press the power button and volume up button simultaneously (It could take a few attempts).

10. Now (using the trackball) choose “Apply sdcard:update.zip” and get ready for a much swisher Nexus One.

Special Instructions for AT&T N1 owners

This file is an update from ERE27 to Froyo, which means that if you want to use it, you will manually have to install ERE27 first, then run this file. This requires you to unlock your bootloader!

Special Instructions for Rooted Users

You can get this update, which has been prerooted for you by Paul @ MoDaCo. You know the drill on how to install these ROMs:

FRF50 (Froyo) pre-rooted update zip – Android @ MoDaCo

Froyo has been rooted! (this is optional)

Quick rooter for stock FroYo systems – xda-developers

Install this file the same way you installed the 2.2 update file.

Direct link to the file:

http://n0rp.chemlab.org/android/nexus/froyo-rooter-signed.zip

UPDATE: Don’t forget to install Flash 10.1 from the Android Marketplace!

Related posts:

1. Google IO 2010 The Google IO 2010 keynote has just ended and what...

Related posts brought to you by Yet Another Related Posts Plugin.

.

Google Android 2.2 “Froyo”

• Dalvik JIT compiler delivers between a 200-500% performance improvement vs. Android 2.1. A live demo showed a 100% FPS improvement in a game demo;
• Exchange capabilities such as account auto-discovery and calendar sync;
• Device policy management APIs means that developers to write apps that can control security features of the device;
• Automatic application updates;
• Moving apps to the SD card;
• Tethering and wireless hot-spot;
• Phone functionality exposed to the browser;
• Flash 10.1;
• Crash and bug reporting using Buzz;
• V8 improves JavaScript by 200-300%;
• Multiple advertising formats and integration;
• Integration of the app backup and cloud-to-device APIs.

For a complete list of everything included in Android 2.2, visit platform highlights.

Developers can now download the Android 2.2 SDK and Android NDK, Revision 4 from the Android developer site.

APIs

• App backup API enables apps to participate in data backup and restore, allowing an application’s last data to be restored when installed on a new or a reset device.
• Cloud-to-device API sends Android Intents from PC to Android device. This allows for things such as navigation routes to be made on a PC and sent to an Android phone, browsing a webpage and pushing it to an Android phone or even syncing music between devices.
• Apps can utilise Android Cloud to Device Messaging to enable mobile alert, send to phone, and two-way push sync functionality.
• Developers can now declare whether their app should be installed on internal memory or an SD card. They can also let the system automatically determine the install location. On the native side, a new API now gives access to Skia bitmaps.

Google TV – “TV meets web. Web meets TV.”

Google is launching Google TV which will bring regular TV, online video and Android apps to your TV. Google says there are two worlds now, the web on your laptop and your phone and the TV world.

But why aren’t the solutions today making traction? Here are 3 reasons, according to Google.

According to Google current solutions aren’t good enough for the following reasons (which I agree with entirely):

1. They dumb down the web for TV. You’re re-creating the web. “It’s WAP all over again.” “We need to find a way to bring the entire web to the television.”
2. “They’re all closed.” Once you can go anywhere on the web, you don’t want to go back.
3. The solutions today make you choose between web or TV. If you have to switch between the two, it’s over. You’ve lost users.

Google wants to incorporate both into “a single seamless experience” – “TV meets Web. Web meets TV” To get a better idea of how it works, watch the following video.

While watching I decided to tweet any interesting bits of the keynote for my Twitter followers who were unable to watch the live stream. My tweets for the Google IO 2010 can be found below, with the oldest (first) tweets at the bottom of the page.

I think I have covered most of the shiny and exciting stuff from the Google IO 2010 keynote, however, feel free to share your favourite moments in the comments below.

My #io2010 Twitter Stream

If you didn’t catch the #io2010 keynote live watch the re-broadcast later at www.youtube.com/googledevelopers
#Android 2.2 “Froyo” rumoured for June. Android 3.0 “Gingerbread” said to be released Q4 2010. #io2010
3 minutes ago

Looks like things the keynote is wrapping up now. No #Android 2.2 #Froyo release date? Awh. #io2010
7 minutes ago

Clever Google, $70 bn of TV advertising is now targeted to the individual and not to a demographic! #io2010
14 minutes ago

There was a time when having a set-up consisting of one brand was thought beneficial. Now numerous brands with open standards is the way fwd
18 minutes ago

You are welcome! Is it working for you now?
25 minutes ago

Tim Schmidt now introducing numerous CEOs from various corporations #io2010
29 minutes ago

Google TV hardware to appear in autumn 2010. Platform to be opened up by the end of 2011. #io2010
32 minutes ago

Google TV in Autumn 2010 #io2010
33 minutes ago

Time to bring Google TV to the home! Sony, LG to integrate Google TV. Intel Atom to power it #io2010
34 minutes ago

@tristramoaten I am actually getting a lot of good feedback & thanks from followers who can’t view it!
35 minutes ago in reply to tristramoaten

Closed captioning from TV + Google Translate API = Subtitles in any language! #io2010
38 minutes ago

Google’s back-end feed infrastructure means video and audio podcast style media is synced across all devices! #io2010
39 minutes ago

Google warn against naming your app to early – Introducing “Listen (+ Watch)” #io2010
41 minutes ago

Yay! Google + technology + pretty girl! #io2010
42 minutes ago

Google TV DVR integration – Set a programme to be recorded from within the programme’s website #io2010
42 minutes ago

YouTube “Leanback” – Instant-on, no search, personalised video feed of content you want to watch! #io2010
about 1 hour ago

Google TV dev demo time! #io2010
about 1 hour ago

Cloud-to-device API means you can sit there with your laptop and push apps to all of your devices including Google TV! #io2010
about 1 hour ago

Spotify on your TV via the marketplace! I no longer need to wait for Linux Spotify! #io2010
about 1 hour ago

All marketplace apps will work out of the box on Google TV #io2010
about 1 hour ago

Thanks to #Google TV #Andoid apps will work on your TV! #io2010
about 1 hour ago

Developers can develop their own remote controls for all devices! #GoogleTV #io2010
about 1 hour ago

Collaborative sharing with Google TV plus numerous Android phones. Great for family watching online content together! #io2010
about 1 hour ago

Search for TV using your voice on an Android phone, results appear on your TV! #io2010
about 1 hour ago

#Google TV paired with Android devices! #io2010
about 1 hour ago

Google TV integration with Sony Play TV #io2010
about 1 hour ago

@lewisoaten “The iPad created a hole in the market, but it still ignores the big screen in the front room! Google TV fixes this.” #io2010
about 1 hour ago

Watch a sports game with live stats. Or a talent show with a twitter feed about that show! Cool stuff! #io2010
about 1 hour ago

So easy to create custom TV channels consisting of online content through searches or intelligent algorithms #io2010
about 1 hour ago

Loving the Elmo alphabet rap! #io2010
about 1 hour ago

Websites and online content delivered via the TV #io2010
about 1 hour ago

Personalised TV results from services such as Netflix #io2010
about 1 hour ago

Google TV home screen looking very swish! #io2010
about 1 hour ago

Gotta love House M.D! #io2010
about 1 hour ago

Single experience for TV programmes from multiple sources #io2010
about 1 hour ago

We’re back again btw! #io2010
about 1 hour ago

Just spotted Listen and Marketplace integration on Google TV #io2010
about 1 hour ago

Oops. Was that a swear word? #io2010
about 1 hour ago

Getting a bit embarrassing now. Eeek. #io2010
about 1 hour ago

Bluetooth connectivity issues! Turn off those phones! #io2010
about 1 hour ago

Current and future results shown. Recording from the quick search box! #io2010
about 1 hour ago

Search for TV & Web at the same time – Instant access to your favourite channels and shows! #io2010
about 1 hour ago

We are back on track! #io2010
about 1 hour ago

Technical issues with Google TV and the input device! #io2010
about 1 hour ago

Google wants to give TV users the empowerment of the search box! #io2010
about 1 hour ago

Google TV Demo Time #io2010
about 1 hour ago

1. Less time finding, more time watching. 2. Control what you watch and when. 3. TV content more interesting. 4. TV to be more than a TV!
about 1 hour ago

Creating a single, seemless experience! Google TV – TV MEETS WEB. WEB MEETS TV! #io2010
about 1 hour ago

TV or Web? Users will choose TV… the answer? #io2010
about 1 hour ago

Current Internet TV options is W@P all over again.. #Google want to change this! #io2010
about 1 hour ago

Video should be consumed on the biggest, brightest screen in your house…and that is not the mobile phone or PC… it’s the TV!
about 1 hour ago

Time for #Google TV #io2010
about 2 hours ago

#Google #Sprint and #HTC have partnered to give a HTC Evo 4G to every #io2010 attendee! “Apologies to people watching on YouTube!”
about 2 hours ago

Most relevant ad is always served to user, even if it is not from #Google! Now that is open-ness! #io2010
about 2 hours ago

Location detects users location and customises ad content, Click-to-call button on the let allows user to call vendor.
about 2 hours ago

Rich media integrated in to expandable ad format #io2010
about 2 hours ago

Expandable ads allow users to view ads and not leave their current environment #io2010
about 2 hours ago

Text ads being optimised and integrated very nicely indeed! #io2010
about 2 hours ago

Multiple formats for advertising! #io2010
about 2 hours ago

Music syncing/streaming is sweet! #io2010
about 2 hours ago

Opps! Just been calling the fifth floor restaurant for the past 10 mins. Gotta love multi-tasking #io2010
about 2 hours ago

Music synced using Cloud-to-device API too! #io2010
about 2 hours ago

#Android Marketplace can be browsed on the PC and using Cloud-to-device API to install apps on device OTA! #io2010
about 2 hours ago

Proper crash and bug reporting using Buzz! Another little present for developers #io2010
about 2 hours ago

Finally! User no longer has to manually update apps! #io2010
about 2 hours ago

Need for Speed Shift looking good on #Android! So good Matt won’t stop playing. #io2010
about 2 hours ago

ARG! Screw you lack of UK Mint service! #io2010
about 2 hours ago

Fine apps, search inside apps, move to SD card and auto-update! #io2010
about 2 hours ago

Loving the not-so-subtle digs at #Apple! #io2010
about 2 hours ago

“Turns out on the Internet…people use Flash!” #io2010
about 2 hours ago

So much is possible in the browser now! #io2010
about 2 hours ago

Just spotted an RSS feed logo in the #Android browser #io2010
about 2 hours ago

Voice recognition is flawless! Results sent back immediately! #io2010
about 2 hours ago

API opened up to expose accelerometer etc. #io2010
about 2 hours ago

JavaScript tests show that V8 blows the iPad and Éclair out of the water…literally! #io2010
about 2 hours ago

V8 for #Android will improve JavaScript 2-3 times! #io2010
about 2 hours ago

#Apple iPad given the connectivity it deserves with #Android! Hilarious! #io2010
about 2 hours ago

Tethering announced at platform level. Demo time! #io2010
about 2 hours ago

Cloud-to-Device API sends Android intents from pc to Android device! #io2010
about 2 hours ago

Cloud-to-Device API – *INSERT DIGG AT IPHONE* – #io2010
about 2 hours ago

App Data Backup API backs up data and application in #Froyo #io2010
about 2 hours ago

20+ FPS speed improvement in a demoed game due to JIT #io2010
about 2 hours ago

Speed! JIT compiler will be included in #Froyo 2.2! #io2010
about 2 hours ago

Now on to #Google #Android 2.2 #Froyo update
about 2 hours ago

LanceUlanoff
Google: 60 Android devices since launch 18 months ago. Here are some of them. #googleio http://tweetphoto.com/23195787
about 2 hours ago – Retweeted by you

One billion miles navigated with #Google’s turn-by-turn navigation application in 6 months! #io2010
about 2 hours ago

100,000 new #Android activations every day! #io2010
about 2 hours ago

Epic start to the #Google #io2010 keynote! “Not the future we want!”
about 2 hours ago

Related posts:

1. Android 2.2 Froyo Manual Update for Nexus One It hasn't been long since Google officially announced Google Android...
2. Google Buzz – First Impressions I'm finding the whole Google Buzz thing very interesting indeed....

Related posts brought to you by Yet Another Related Posts Plugin.

Abstract

Software development has experienced a rapid change with the rise of distributed software development. Multi-site development, co-development, outsourcing, open source and compliance mandates are placing new demands on software development businesses. At the same time, IT executives and development managers are under increased pressure to deliver better products faster while reducing development costs.

As a result, new and unique risks have been introduced to the software development process. This report looks at what distributed software development is, the risks associated with it and the issues with managing the risks in distributed software development projects.

Introduction

In the recent past the development of software has evolved from being performed at a single site to being geographically distributed across the world. This is known as “global software development” (GSD) or “distributed software development” (DSD). There have been many reasons for this, however, the most predominant reason is understood to be offshore work. Offshore labour provides businesses with skilled labour, around-the-clock development (Lipps, 2005) and low-labour cost savings in developing countries. A study by McKinsey (2002) shows that software development costs in India are four times less than that in the United States. Another reason for the growth of DSD is due to recent advances in technology, including the Internet. The Internet has made location irrelevant, therefore, making DSD possible through remote collaboration. It was estimated in 2004, that ten percent of employment in United States IT companies would be located in developing countries by the end of the year (Gartner, 2004).

Businesses search for competitive advantages in terms of cost, quality and flexibility in the area of software development, looking for productivity increases as well as risk dilution (Boehm, 1991). Sometimes, businesses view DSD as an increasing risk, since involves a management overhead and compliance to international standards. Often the these competitive advantages force companies to search for global solutions, usually in the form of offshore software development.

Developers and managers are facing many challenges, social, technical, political and cultural. And this change is having an impact on the way products are conceived, designed, tested and delivered to customers (Jiang, 1999). DSD creates new opportunities for competition and collaboration (Herbsleb, 2001). However, it also creates some problems such as a project failures, non-compliance, collaboration issues and managerial issues; making risk management in DSD projects more important than ever.

Risk Identification, Management & Mitigation

Risk in general risk is defined by uncertainty and loss rather than by something that is directly measurable. While “risk management” can be defined as:
“The business of identifying and evaluating the threats, options and possible outcomes of decisions” (Wiegers 1998).
Wiegers (1998) goes on to describe project risk as a problem which has not yet happened but which could cause some loss or threaten the success of the project if it did. These descriptions help to show the vagueness and subjectivity when defining risk.

The Software Engineering Institute introduced risk management as a software management discipline for dealing with the possibility that future events may cause adverse effects (SEI, 2009). The major functions of a risk management framework include the identification of risk types, planning how to avoid risks and also how to detect, mitigate and recover from issues that do occur. Monitoring, mitigation and recovery may be specialised for an individual risk or a risk class, depending on the chance and potential effects of that risk. Highly likely, serious risks receive a specialised plan or dedicated tasks for monitoring, mitigation and control, whereas less likely, less catastrophic, or more generic groups of similar risks can be handled together.

Risk assessment usually depends upon many assumptions, variables and factors, including the experience and attitude of the software development team. The team is likely to attempt to assess the potential profit and loss of choices before taking a risk, however, this is never a straight-forward task.

It is possible to attempt to apply some objectivity to the process of estimating the significance of risk. This could be achieved by guessing the outcome of the probability of an event occurring, multiplied by the assumption of the impact if the event was to occur. This is known as “Risk Exposure” and can be illustrated with the formula (Hillson, & Hulett, 2004):

Risk = Impact x Chance

In other words, risk exposure is equal to the size of potential disaster or gain, multiplied by the possibility of it happening (See image 1).

Image 1. Risk Impact Probability Chart.

The representation of risk in the form of a formula may appear to solve the issue, however, it remains difficult to assign a value to each of the variables. Despite this, it is one of the best methods to allow a manager to quantify the risks and priorities during a software development the project.

There are two commonly accepted risk management methodologies used in software development projects, the “evaluation approach” and the “management approach” (Higuera, & Haimes, 1996).

The evaluation approach sees risk management as an analytical process that attempts to discover risk factors. After a project has ended, information about the project’s success or failure is collated and then used in the risk identification process of future projects. Therefore, this method of risk management has an indirect affect on the success of a project due to the information collected not being used on the project from which it was obtained.

The management approach, looks at risk management to be means by which information is gathered and analysed with the aim of supporting the decision making process in a current project. This approach doesn’t identify generic risks, however, it focuses controlling the risks that are relevant to the current software development project. Therefore, it is common for the risk information to be obtained through relatively informal methods, such as brainstorming. This type of risk management methodology has a direct affect on the success of the current project.

The risks that occur is DSD and the issues that arise when managing them will be discussed in the next section of the report.

Discussion

Common Distributed Software Development Issues & Risks

There are a set of inherent problems and challenges in software development, with DSD adding factors such as geographic, language, communication and cultural differences. This has both exaggerated challenges and added new ones to the development process; affecting strategic decisions, knowledge and risk management. As a result, the work in DSD environments is more problematic than in centralised ones, and the importance of risk management must be emphasised in projects using DSD (Herbsleb, 2001). Some of the problems and risks created by DSD are now discussed.

Cost Reduction

One of the largest risks with DSD involves the cost saving expectations businesses have with regards to offshore outsourcing. Businesses tend to assume that offshore labour will produce savings, that a full-time equivalent in India will be 30% cheaper, for example. However, they can often fail to consider the hidden costs and differences in operating models. In reality, most IT businesses save approximately 20% in year one, with cost reductions often being about 40% in year three. This is usually due to companies learn how to operate offshore and align to a distributed development model (Overby, 2003).

Scope Creep

In DSD a contract very rarely contains a fixed price. instead they offer price baselines and assumptions. If the actual work varies from estimates, the client will pay the difference. This has become an issue for IT businesses that expect fixed prices, or the vendor expects to be paid for incremental scope changes (Russell, 2008).

Data Security

IT businesses using DSD teams need to implement security practices and investigate if the other businesses involved can meet their security requirements. While most IT businesses find offshore security practices impressive (Burson, 2010), the risk of security breaks or intellectual property protection is increased when working internationally. Privacy concerns must be completely addressed. Although these issues rarely pose major impediments to DSD teams, the requirements and processes must be defined.

Loss of Business Knowledge

Typically, IT businesses have business knowledge that stays within the developers of applications. This expertise may be a proprietary or competitive advantage. When developers of a software project are distributed, companies should review their business knowledge and decided if moving it either outside the organisation or to an offshore location will compromise the project or any company practices.

Failure to Deliver

A contingency plan for what happens if the development team fails to deliver a product is often not considered carefully enough (NAO/OGC, 2002). Even with the quality methodologies in place, project failure does occur (see Appendix 1). When considering outsourcing, IT businesses should assess the affects of project failure. High risk might deter the organisation from outsourcing in the first place, alternatively it might shift the outsourcing strategy from a single vendor to multiple vendors. The company may even decide to outsource to a development team that has specific skills to reduce risk (CISCO, 2007). Risk analysis vary between companies, but again it is the process of risk analysis that is important.

Geo-Political Risks

All businesses are subject to various government oversight. IT businesses must ensure that the offshore development teams are understanding of industry-specific requirements. They must also be able to comply with government regulations while proving compliance during audits (Blacharski, 2010). The issue of transparency is becoming more significant as requirements such as the Sarbanes-Oxley Act place greater accountability on all American corporations or corporations that wish to trade with America (SOXLAW, 2002).

Managing Risks in Distributed Software Development

It can potentially be hard to deploy, execute and control projects in DSD environments because of non-technical factors such as social, cultural, behavioural, and political issues (Royal Academy of Engineering, 2002). Other studies (Herbsleb, 2001) present the same difficulties but also suggest technical factors such as the software development process, project management, project size and complexity. Risk management in distributed software development is an important and necessary activity and if implemented correctly it can control both technical and non-technical problems in distributed development projects (Nakatsu & Iacovou, 2009).

Therefore, risk management has become important in DSD projects, regardless of whether teams are from one or several businesses. Whether a project is developed globally or in the same city, having geographically dispersed teams using collaboration technologies and developing distributed projects also adds more risk factors to the projects.

There are three categories of risks in DSD projects: organisational, technical and communication. Additionally, some risks belong to more than one category, and these should be in the top of the priorities list (Paulk, Weber, Garcia, Chrissis, 1993).

Risk management in DSD (see image 2) projects should be performed not only in the project level, but also in the organisational level (Weigers, 1998). This will help to decide if a particular project can be developed by geographically separated development teams (strategic). Also, the decision of where the project will be better developed can also be a problem (tactical). Risk analysis considering the positives and negatives of project distribute is usually necessary. This is best performed with the use of model suited for a DSD environment.

Image 2. Use Case diagram illustrating Risk Management is a DSD project involving offshoring.

One such model is the Software Development Distribution Model (see image 3), where the strategic and tactical decisions are made while following a series of processes. This generally performed by senior managers and development centre manager.

Image 3. DSD Model

The risk analysis is shown in step two, after the distributed development demand definition in the previous step. A risk and benefit analysis should be undertaken to tell if a distributed development environment is suitable for the project. In step three a risk assessment is used verify the risks and benefits of different development teams and locations. Once this is selected, resource allocation occurs in step four and finally, in step five, the project begins (Higuera, & Haimes, 1996).

Conclusion

Distributed software development is unique because both distributed software development and the software development process introduce new and unique risks to a software development project. Distributed software development teams should implement risk analysis at multiple levels in order to help in the decision as to whether or not to use distributed development and the best ways in which to do so.

Although risk management in distributed software development involves risk management concerning the project, an important aspect of the process is the integration of the risk analysis and mitigation at the strategic and tactical levels, as well as the risk management process being performed at the operational level (see image 2). Despite the process to select appropriate centres to develop a project and a process to manage risks when a project being executed; the processes are not typically integrated (ENISA, 2007).

Correct execution of risk management within DSD projects requires recognition of the process specifics and compliance to standardised principles and practices. The Software Engineering Institute (1996) defines some key principles of risk management in DSD:

• Unified vision of the project and its goals;
• Concise Teamwork;
• A global perspective, shared by all of the teams;
• Open communication between the distributed development teams;
• Standardised management techniques that are integrated throughout the project and development centres.

By nature software development projects are dynamic and no two are ever the same, this has resulted in many risks that must be identified, managed and mitigated. In order to have a successful DSD project, businesses need to manage risks effectively. However, one of the main reasons that risk management is inefficient or not implemented, is due to the lack of documentation of both success and failures in DSD projects. Knowledge about risk management alone is not enough.

Learning from past experiences is required in order to assist senior managers and project managers to plan for and control risks (see image 2). DSD provides a good opportunity to take advantage the benefits of knowledge management since the DSD model involves additional steps not found in traditional risk management models.

References

Blacharski, D., 2010. Software Compliance Issues in Outsourcing Code Development. [Internet] Available at: http://www.sourcingmag.com/content/c060403a.asp [Accessed 02 March 2010].

Boehm, B.W., 1991. Software risk management principles and practices. [PDF] Available at: http://classes.cec.wustl.edu/~cse528/PrinciplesandPractices.pdf [Accessed 04 March 2010].

Burson, S., 2010. Outsourcing information security. [Internet] (Updated: 12 January 2010) Available at: http://cio.co.nz/cio.nsf/depth/9507386F51BFD3D5CC2576A800063156 [Accessed: 18 March 2010].

CISCO, 2007 . Risk Mitigation: Reducing Risk Through a Single-Vendor Integrated Network. [Internet] CISCO Systems Inc. Available at: www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/ps713/prod_white_paper0900aecd806db80d.htm [Accessed 19 March 2010].

ENISA, 2007. Integration of Risk Management with Business Processes. [Internet] Eurpoean Network and Information Security Agency. Available at: www.enisa.europa.eu/act/rm/cr/business-process-integration [Accessed 07 April 2010].

Gartner Inc., 2004. Business Week. [Internet] (Updated: 01 March 2004) Available at: http://www.businessweek.com/magazine/content/04_09/b3872001_mz001.htm [Accessed 02 March 2010].

Herbsleb, J. D., Mockus, A., Finholt, T. A., & Grinter, R. E. 2001. An empirical study of global software development: distance and speed. In Proceedings of the 23rd international Conference on Software Engineering. Available at: http://conway.isri.cmu.edu/~jdh/collaboratory/research_papers/ICSE_01_final(2).pdf [Accessed 03 March 2010].

Higuera, R., P., & Haimes, Y., Y., 1996. Software risk management. [PDF] Available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.93.1421&rep=rep1&type=pdf [Accessed 12 March 2001].

Hillson, A., & Hulett, D., 2004. Assessing Risk Probability: Alternative Approaches. [PDF] Available at: http://www.risk-doctor.com/pdf-files/hha0404.pdf [Accessed 08 March 2010].

Jiang, J.J., Klein, G., 1999. Risks to different aspects of system success. Information and Management 36 (5), 263-272. Available at: www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6VD0-3XNT1WB-3&_user=164147&_coverDate=11/30/1999 [Accessed 03 March 2010].

Lipps, J., 2005. Around-the-clock-development. [Internet] (Updated 08 July 2008) Available at: http://www.teleios.us/weblogs/jlipps/73teleios.us/weblogs/jlipps/73 [Accessed 02 March 2010].

McKinsey, 2002. NASSCOM-McKinsey Report 2002. [Internet] NASSCOM (Updated: 12 July 2006) Available at: http://www.nasscom.in/Nasscom/templates/NormalPage.aspx?id=2598 [Accessed 02 March 2010].

Nakatsu, R., T., Iacovou, C., L., 2009. A comparative study of important risk factors involved in offshore and domestic outsourcing of software development projects: A two-panel Delphi study. [PDF] Available at: http://www.sciencedirect.com/science/article/B6VD0-4VBM4CK-1/2/acb609f3cf985d0de1a4bb2e07a77a7d [Accessed 29 March 2010].

NAO, 2002. Better Public Services Through e-Government. National Audit Office. [PDF] Available at: http://www.governmentontheweb.org/downloads/papers/Cultural_Barriers.pdf [Accessed 20 March 2010].

NAO/OGC, 2002. Common Causes of Project Failure”, National Audit Office and the Office of Government Commerce. [PDF] Available at: http://www.ogc.gov.uk/documents/cp0015.pdf [Accessed 20 March 2010].

Overby, S., 2003. The Hidden Costs of Offshore Outsourcing. CIO Magazine, 2003. [Internet] Available at: www.cio.com/article/29654/The_Hidden_Costs_of_Offshore_Outsourcing [Accessed 18 March 2010].

Paulk, M., C., Weber, C., V., Garcia, S., M., Chrissis, M., B., M., 1993. Key Practices of the Capability Maturity Model. [PDF] Carnegie Mellon University. Available at: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.86.4727&rep=rep1&type=pdf [Accessed 05 April 2010].

Royal Academy of Engineering, 2002. Common Methodologies for Risk Assessment and Management and The Societal Aspects of Risk. The Royal Academy of Engineering. [Internet] Available at: http://www.raeng.org.uk/news/publications/list/default.htm?TypeID=2&PubType=Reports [Accessed 27 March 2010].

Russell, L., 2008 Dealing with Scope in software development projects. [PDF]Project Smart. Available at: http://www.projectsmart.co.uk/pdf/dealing-with-scope-creep-in-software-development-projects.pdf [Accessed 18 March 2010].

SEI, 1996. Software Risk Management – SEI report CMU/SEI-96-TR-012. [Internet] Software Engineering Institute. Available at: ftp://ftp.sei.cmu.edu/pub/documents/96.reports/ps/tr012.96.ps [Accessed 07 March 2010].

Software Engineering Institute, 2009. A Project Management Process Area at Maturity Level 3. [PDF] Available at: http://www.sei.cmu.edu/cmmi/casestudies/mappings/pdfs/upload/Redline-RSKM-2.pdf [Accessed 07 March 2010].

SOXLAW.com, 2002. A Guide To The Sarbanes-Oxley Act. SARBANES-OXLEY ACT 2002. [Internet] Available at: http://www.soxlaw.com/ [Accessed 22 March 2010].

Weigers K., 1998. Know Your Enemy: Software Risk Management. [PDF] IEEE. Available at: http://www.processimpact.com/articles/risk_mgmt.pdf [Accessed 07 March 2010].

Related posts:

1. Risk Management and Software Development This report analyses the relationship between risk management and the...

Related posts brought to you by Yet Another Related Posts Plugin.

Introduction

TCP/IP

The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. IP performs the delivery of data via the internet, whereas TCP is only concerned with the data packets themselves. TCP is connection-oriented, therefore, before any data can be transmitted, a connection must be established and confirmed. TCP level data transmissions, connection establishment and connection termination maintain specific control parameters that govern the entire process. The control bits are listed as follows (TCP/IP Guide, 2005):

• URG: Urgent Pointer field significant.
• ACK: Acknowledgement field significant.
• PSH: Push Function.
• RST: Reset the connection.
• SYN: Synchronise sequence numbers.
• FIN: No more data from sender.

A three-way handshake will take place in both creating and terminating a connection. A TCP connection between the two end computers is established via a three-way handshake (see figure 2). The steps of a three-way handshake are as follows (TCP/IP Guide, 2005):

1. Client A sends SYN packet to Client B.
2. Client B sends SYN/ACK packet to Client A.
3. Client A sends ACK packet to Client B.

Denial of Service Attack

A denial of service (DoS) attack is characterised by an explicit attempt by attackers to prevent legitimate users of a service from using that service (CERT, 2003). A distributed denial of service attack (DDoS) attack, is a denial of service attack, which instead of using one host as the base of attack instead uses multiple hosts, hence the name distributed.

Figure 1. A high-level diagram of a typical DDoS Attack.

There are two basic types of DoS attacks, flooding-based and application-based, the former uses the large number of requests to fill up the victims buffer while the later tries to disable the application in some way making it unusable (Schneier, 2000 p. 43). A DDoS or DoS attack doesn’t break into the computer attacked, it simply floods the target with so many requests to the service being attacked that it can’t handle the legitimate requests. A DDoS or DoS attack doesn’t provide an attacker with information stored on the target system, however, it can be used as a part of an attack chain of incidents leading to that goal. The three most common types of DDoS attack are an ICMP Flood, UDP Flood and TCP SYN Flood (ANML, 2008). In this section of report, a TCP SYN Flood attack and the methods used in order to discover it are discussed. This is followed by recommendations on how to reduce the likelihood of a successful SYN Flood attack against a network.

Scenario – TCP SYN Flood Attack on a Corporate Network

SYN flooding occurs when a server receives more incomplete connection requests than it can handle (Russell, Bidwell, Steudler, Walshaw & Huston, 2001). Normally, hosts that wish to exchange data over a TCP connection must initiate the session using a three step process known as the three-way handshake (TCP/IP Guide, 2005). The SYN flood attack is based on preventing the completion of the three-way handshake, by preventing the servers from receiving the TCP ACK flag (see Figure 2). Unlike a normal TCP connection request, the SYN flood attack does not send the final ACK packet which leaves a server’s port in a half-open state. The attack succeeds because the number of half-open connections that can be supported per TCP port is limited. When the number of half-open connections is exceeded the server will reject all subsequent incoming connection requests until the existing requests time out (Mirkovic & Reiher, 2004). After each time-out the server port sends a RST to the unreachable client. At this point the attacker must repeat the process again to maintain the denial-of-service attack.

Problems with a TCP SYN Flood Attack on a Corporate Network

DoS attacks can disable a computer or an entire network. Depending on the nature of the enterprise, this can effectively disable an entire organisation (CERT, 2003). The main problem with DDoS attacks is that the attack  often uses legitimate requests to flood the target, in this case TCP SYN packets. This makes it hard to distinguish from the legitimate requests and attempting to do so can time consuming and can create large overheads. Popular corporate sites, services and networks are a common target for a DDoS attack. This might include financial organisations, critical infrastructure, or even telecommunication networks such as nameservers that are used to manage the internet infrastructure (TCP/IP Guide, 2005b). As tools become easier to use and more accessible, business are being attacked by employees, competitors and by “cyber-terrorists” (Solms, 2001). If the attacker causes a corporate system to run inefficiently, it will usually result in financial loss for that company. Even if there is no financial loss initially, the DDoS attack it may cause negative consequences or expose vulnerabilities leading to other cyber-crimes such as data-theft and fraud.

Nmap

Nmap, short for “network mapper,” is a tool-kit that performs network scans (Nmap.org, 1997). It can be used for security scans, in order to identify what services a host is running, to “fingerprint” the operating system and applications on a host, or to do a quick inventory of a local network. The basic syntax for Nmap is “Nmap Scan Type Options Target” (Nmap.org, 1997). Nmap can be used to detect a SYN Flood DDoS attack that is in progress. Nmap does this by sending a SYN packet to a port for the purpose of scanning that port to check if the port is up or down. This can be done by using the following Nmap command:

“nmap –sS [ip address] -p[port number]” (Nmap.org, 1997).

josef@josef-laptop:~$ sudo nmap -sS 192.168.1.11 -p25

Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-03 10:47 BST

Interesting ports on 141.163.113.162:

PORT   STATE SERVICE

25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

josef@josef-laptop:~$ sudo nmap -sS 192.168.1.14 -p25

Starting Nmap 5.00 ( http://nmap.org ) at 2010-04-03 10:49 BST

Note: Host seems down. If it is really up, but blocking our ping probes, try -PN

Nmap done: 1 IP address (0 hosts up) scanned in 0.34 seconds

Netstat

“netstat –n –p tcp” (Netstat Systems, 2007).

No related posts.

.

Abstract

Cloud computing is a relatively new concept that is becoming increasingly popular within corporate environments. Originally delivered as a service, it has gained early popularity with web start-ups looking to outsource server administration. As the concept spread the industry has now embraced two types of cloud computing: public and private. This report compares the performance and cost effectiveness of both private and public of cloud computing.  A literature review is performed to gain an understanding of cloud computing and its uses.

A hypothesis is then formed at the end of the literature review, in order to allow the experiment to be designed and performed to gather results to prove or disprove the hypothesis.

Various tests are performed on both a local Ubuntu Enterprise Cloud (UEC) and a public Amazon Elastic Compute Cloud (EC2) in order to get an idea of how they compare in overall system performance and cost. Included in the tests are computing power (CPU) and raw disk I/O throughput. A consistent testing methodology across various machine instance sizes over a two-week time period is be used to collect the results.

Subsequently, the results are evaluated and the hypothesis is discussed. after which various corporate scenarios are discussed where both public and private cloud computing could provide a performance and cost effective solution.

Introduction

The combination of the hardware and software in a data centre is referred to as a “cloud.” The difference between private and public clouds is dependent on where is the cloud deployed. A public cloud is offered as a service, usually over an Internet connection, while private clouds are deployed inside the firewall and managed by the user’s organisation (Chang, 2010). Both types of cloud computing infrastructure offer very unique experiences and capabilities to the end user.

Public clouds typically charge a fee that is based on how many computing resources a user consumes (usually called a compute unit), eliminating the need for users to plan far ahead for provisioning resources (Weiss, 2010). Users can scale the computing capabilities of a public cloud to suit their requirements on-demand and will not need to purchase expensive IT hardware.

Private clouds are usually built from software running on legacy hardware. The storage is typically not shared outside the enterprise and full control is retained by the organisation (Weiss, 2010). Scaling the cloud is achieved by adding another server and the self-managing architecture expands the cloud by adding performance and capacity.

Cloud computing is a recent evolutionary step of web-based information delivery and computation. In the past the Internet has served as an infrastructure for applications and both static and interactive web pages. After which, hosted applications like Google Mail and Google Docs appeared. As these types of web applications added more user-configuration, they were renamed Software-as-a-Service (SaaS) (Chang, 2010).

With a growing number of companies wanting to take advantage of SaaS, Amazon released, “Amazon Web Services” that enables companies to operate their own SaaS applications (Amazon Web Services, 2010). Other large companies began to realise that they could replicate this platform for their own internal use by creating a “private cloud.” Ubuntu Server Edition, running Ubuntu Enterprise Cloud with Eucalyptus (Eucalyptus Systems, 2010) is one such example of this.

Just as the public Internet gave rise to private corporate intranets, private cloud platforms are arising due to public cloud computing. Both public and private cloud platforms are looking to deliver the benefits of cloud computing to their users. Whether using a private or public cloud, in a business it is crucial to understand cloud computing requirements and the business needs. However, we must first understand the benefits that drive these decisions.

Read More…

View the rest of my “A Performance and Cost Evaluation of Web-based Distributed Information Delivery and Computation in Public and Private Cloud Computing Environments” report here in Google Docs.

Related posts:

1. Computing Fair The final year project computing fair will allow students to...

Related posts brought to you by Yet Another Related Posts Plugin.

In recent years, there has been a significant growth in the number, size and power density of data centers. This has been fueled by paradigms such as software as a service (SaaS), cloud computing (Armbrust, 2009), and a range of Internet-based businesses, social networking sites and multimedia applications and services (Buyya et al., 2009). With this growth, concern about the energy consumption and environmental sustainability of data centers has also grown.

As a result, data centre managers and IT businesses struggle to support their businesses in the face of budget cuts and uncertainty about the future. It is, therefore, not unusual that environmental sustainability is not a priority in many companies at this time. However, becoming sustainable and “green” is good for both the business and the environment. Reducing energy use and waste while increasing the use of recycled materials improves a company’s bottom line while showing positive business ethics to your customers and employees. However, it is not always clear to know how to move to greener and more sustainable operations.

Read More…

Read the rest of the report here on Google Docs.

Related posts:

1. Data Loss – A Time for Change Mobile technology and cloud computing have brought about a radical...

Related posts brought to you by Yet Another Related Posts Plugin.

To provide a visual summary of my project I created a poster that will be part of a display at the computing fair. To view my poster for the final year project computing fair, please click here.

Related posts:

1. Project Initiation Document A project initiation document is a logical document that brings...
2. Final Year Project Proposal Bid4It is an online auction marketplace that features items and...
3. First Progress Report The project began with the research of a possible approaches...

Related posts brought to you by Yet Another Related Posts Plugin.

View the rest of the second interim report here.

Related posts:

1. First Progress Report The project began with the research of a possible approaches...

Related posts brought to you by Yet Another Related Posts Plugin.

Buzz has great potential, a lot of which isn’t apparent at first. Currently you can pull up Google maps on your Android device and look at all of the Buzzes in a certain location. Want to see if there is an accident on the road to work? Check for clusters of Buzzing on Google Maps. Want to know what a gig is like? Keep an eye on Buzzing in that location for information and photos.

It does seem to encourage the Google Wave communication methodology that exists somewhere between Google mail and Google Chat (but this time with social media goodness thrown in). Plus, with the vast varity on information stored on Google’s services these days (photos, email, docs, feeds etc) Google Buzz could be a medium way to share your information.

Buzz does not only seem to lie between Google Mail and Google Chat, but also also partially exists in the space between Twitter’s public nature and Facebook’s private messaging, due to the public and private functionality built in. Obviously tweets can be private and Facebook public, but each service is perceived differently. It looks like Buzz will sit in the middle, using the option to change between public & private.

Google Buzz is reminding me slightly of FriendFeed and it’s ability to amass data. You can combine your Picasa, Flickr, Twitter and Google Reader updates into your Buzz feed in a similar fashion to FriendFeed.

I am curious as to what will happen to Google Wave now that Buzz is here. The two do overlap somewhat, although not entirely – But enough to be significant. Google Wave was excellent for taking collaborative notes and producing reports with a group (when I didn’t forget to check it!) but my use of it slowly faded. However, Gmail is now still the best email service out there, plus I am always signed in to Gmail on my Nexus One. It’s going to be interesting to see if Buzz and Wave develop their own personalities, or will Buzz just replace Wave?

Related posts:

1. Facebook Releases FriendFeed Code as Open Source Yesterday at the Facebook blog, David Recordon announced that Tornado,...
2. I Can Has Tweets Plez? "Twitter is allowed to use, copy, reproduce, process, adapt, modify,...
3. Facebook Lite Launched The awesome team at Facebook have been launching new features...

Related posts brought to you by Yet Another Related Posts Plugin.

Skills for the Information Age

ICT Industry – Practice

Information viewed as an organisational set

The rise (and fall?) of the Chief Information Officer (CIO)

Side-notes

Is our orientation now aimed towards service?

ITIL v.3

Configuration Management

Skill Level (tag)

7. set strategy/inspire

6. initiate/influence

5. ensure/advise

4. enable

3. apply

2. assist

1. follow

Related posts:

1. Risk Management and Software Development This report analyses the relationship between risk management and the...
2. Evaluation of Cloud Computing Cloud computing is a relatively new concept that is becoming...
3. Final Year Project Proposal Bid4It is an online auction marketplace that features items and...

Related posts brought to you by Yet Another Related Posts Plugin.