Room Utilisation Project

This was a large, three term long, group project. We were given complete freedom to decide on a topic. After a lot of deliberation, we all settled on a project that we titled “Attendance and Room Utilisation”. This project would improve the current method that the University uses to calculate both student attendance and classroom/lecture theatre seat utilisation.

We noticed that our University hired a small team of people to carry iPads, with a spreadsheet on, around campus popping their head into each room and quickly counting how many people are in there. This would happen once an hour, every hour, for every room on campus. This is extremely laborious and ultimately error prone.

To record student attendance (which really is only counted to keep an eye on first years) tutors have to pass a class list round where students sign there name. The issue with this is that if someone has slept in or can’t be bothered to get dressed, they text a mate to sign in for them. It is too easy to cheat the ‘system’.

Our system would counter these issues by requiring students to swipe into a room with their University allocated RFID chipped student cards. The card reader would process this swipe in adding records to a central database that counts the times a student enters a timetabled or non-timetabled session. Staff are able to log into a web interface to retrieve reports about overall attendance or specific reports about rooms, modules, or students.

MySQL data modelTo realise this system, we had to develop the database data model that would support the complex time-based data of students ‘checking in’ to both their timetabled sessions and also personal study time. This involved normalising the database structure to enable efficient storage as the database would be populated with vast amounts of data. Along with the database, we created a RFID scanner simulator (simulator because we didn’t have the funds to get a RFID reader) which was written in Java and used the JDBC library to connect to our MySQL database. I hosted the code for this on GitHub under the codename Ricky. This scanner was multithreaded so that it could continue to scan cards even if the system was running slower than usual.

Mockup of the web front endThe final part of our system was the web front end. This was written in PHP and hosted on Amazons cloud services (though it would be hosted internally on release). It provided access only to staff through a log in screen. Once authenticated, staff could view reports of the data but could also download a comma separated value file of the entire database for further processing in Excel or other mathematical packages.

For this project, we were graded 67%. Of course we’re very pleased with this mark, but we feel that we could have got a higher mark by focusing a little more on the documentation at the later stage of the project.

If you have any questions or would like more details about this project then please ask me. This was a large project and I have too much content to attach here, this is just an overview.

“Is Hacking Now Pervasive?” Security Presentation

My degree at University includes a second year module titled ‘Computer Security Management’, and although it is clearly aimed at Computing students it is my belief that everyone should be given this sort of information. Computer Security is a massive part of any IT professional’s life but the average user at a desk should be aware of the risks they are facing too. Knowledge is power!

As part of this module, we were asked to give a group presentation on any topic that we like (apart from topics already covered by our lecturer). My group consisted of Nathan (previously mentioned in my Java client server coursework) and Dan (@DannySlaney) and it took us weeks to find a topic that we thought would be interesting enough and have an element that we could demonstrate.

Eventually, after a few hardcore researching sessions at my house, a project came to us. We titled it “Is Hacking Now Pervasive?”. What we meant by this was, is the information and are the techniques traditionally only available to hackers readily available and easy enough to use? In short, our answer is yes.

Obviously Google is pretty helpful at finding information. The right search terms and you could be lost forever in the darker regions of the internet among the l33t haxx0rz. But surprisingly, the tools of the trade are made readily available, pre-compiled, and sometimes with a nice GUI on Open Source operating systems such as Backtrack. Backtrack is SUPPOSED to be used by the good guys for penetration testing, which is where ethical IT professionals use hacker type tools to test that their systems are secure and not vulnerable to common (and not so common) attacks.

Even more surprisingly, we found that tools are also available for your regular Android phone to perform a wide variety of ethically-questionable actions. WiFi Kill, FaceNiff, and Anti are just a few tools build as simple Apps for a rooted Android based mobile phone that use a variety of sophisticated techniques (such as ARP Spoofing) to perform attacks such as man in the middle, denial of service, and many more.

Being aware of the availability of these tools helps to be proactive in defending against them. Oh, and also, we got a first for this presentation (75%).

Java Cinema Booking Client and Server

Another University project that I want to talk about is a client/server cinema booking system written in Java. I worked with my good friend Nathan on this as it could be completed in pairs. We used GitHub (obviously) to host the project and the repo can be found under Task2.
We achieved a mark of 90% for this as we implemented all of the requirements to a good standard. We also had a report to produce, explaining design choices, etc. It’s not interesting, but the report’s here if you want it.
The main points that I’d like to discuss about this project are:

  • Implementing Multithreading

    Multithreading is the ability to run code in parallel within one process. Java makes this very easy by providing a Thread and Runnable classes to allow developers to extend or implement. The main problem that we faced when dealing with multithreading was multiple access to data. We had a central object on the server which contained all data, two threads (read user connections) should not be able to read from or write to this object at the same time. Access to this critical region was controlled by synchronising access to objects with synchronised methods and the synchronised keyword.

  • Building a protocol

    As this project was quite large (Nathan and I had not dealt with a project of this scale before) we needed to ensure that there was a formalised way of communicating between clients and servers. This helps to ensure that the server and clients can communicate easily and also makes it easy to notice an error. We built two classes to model the client/server communication in this project; a Request class, and a Response class. We chose these names as we felt that they fitted the nature of the connection. A client makes a ‘Request’ to the server (to log in, to make a reservation, etc.) and the server passes back a ‘Response’ with details of what happened (the result of a query, success message, error message, etc.)

  • Graphical User Interfaces

    Initially we had veto’d this aspect of the project as we were daunted by the scale of the project and didn’t think we should have enough time to learn and implement an AWT/Swing Java graphical interface. In the early stages of the project, while I was working on the basics of the server, there wasn’t anything Nathan could have been doing so he decided to look into Swing and took well to it quickly so we changed out mind about implementing a GUI. Nathan implemented most of the interfaces that are in the project, the rest were from my reuse of his code.

I loved this project and learnt a lot about software development, Java, and the client server model.