Fundamental Strategies for System Analysis

System analysis is the SDLC phase in which information about the current system (called the As-Is system) is gathered and its strengths and weaknesses are identified and analyzed. The expected deliverable of this phase is a conceptual/logical design of the new system (called the To-Be system), which will be built in the next phase (the design phase) based on the requirements. Note that the term As-Is system here refers to any existing system, whether computerized or not, so it is not necessarily an installation of software packages or particular computer applications.

SDLC defines three fundamental strategies for system analysis. No strategy is inherently better than the others; each is more suitable for certain types of projects or system requirements. It is the responsibility of the system analyst to choose the most appropriate strategy for the project. The three strategies are similar in that they all cover the three processes described above. For a relatively complex system, it is common to complete the process iteratively, going back and forth repeatedly in order to improve the analysis.

Using sudo to Execute root-privileged Commands

One of the most frequently asked questions I find on the web development mailing list is "How can I execute root-privileged commands from my scripts?". I have found this question so often that I think it is worth writing this entry. There are several solutions for this situation, however, and each comes with a different impact on both the performance and the security of the application.

Invalidate Smarty Cache Using Cache Dependency Files

Smarty is perhaps the most powerful and widely used template engine available for PHP-based application development. Though its usage has been pushed aside somewhat by the rise of more advanced frameworks such as Drupal or CakePHP, which come with their own template system implementations, for a "bare" template engine Smarty is still the favorite. I myself still use the combination of Smarty and PEAR (PHP Extension and Application Repository) for most of my PHP projects.

More than just a template engine, Smarty provides built-in caching functionality. Smarty caches the server response as pure HTML. This is good for performance, especially for a page generated by extensive script processing (i.e. a script that runs several database queries). As long as the cache hasn't been invalidated, on subsequent requests for the page Smarty simply returns the cached HTML instead of executing the script every time.

System Development Life Cycle (SDLC) Methodologies

SDLC (System Development Life Cycle), just as the name implies, is defined as the process (as a whole) of developing a system or software to meet certain requirements. It covers many activities: it starts from understanding why the system should be built, and continues through studying the project's feasibility, analyzing problems, choosing the system design and architecture, and implementing and testing it, up to delivering the system as a product to the user. SDLC is a process of gradual refinement, meaning that it is done through several development phases. Each phase continues and refines what was done in the previous phase.

SDLC tries to achieve a high-quality system that meets or exceeds the requirements. Many methodologies have been developed and introduced in order to implement SDLC; some of them also try to improve on other, previously known methodologies. Although each method follows different techniques and steps, they all must go through the same development phases described above. There are many system development methods known today, but most of them are basically extensions of three main methodologies: Structured Design, RAD (Rapid Application Development), and Object-oriented Analysis and Design.

Simple Text-based CAPTCHA Implementation

Spambots are automated scripts that crawl the net searching for URLs containing some kind of submission form, such as forums, guestbooks, or comment forms on popular blogs, and then automatically post whatever their launcher (the spammer) wants everybody to know. The posts usually carry commercial messages, offers, or simply site promotions. This annoying practice has been one of the biggest problems of the Internet since the early days.

There are several known ways to fight this kind of spambot, such as applying a moderation mechanism that lets the site's moderators manually check and validate every post submitted. Although that is an effective (yet not very efficient) way to prevent spam, there is in fact a more preferred method called CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). As the word "Automated" in the name indicates, this AI-based testing attempts to eliminate the manual validation that exists in a moderated system, adding a higher degree of efficiency.

Different algorithms have been developed to implement CAPTCHA. The most popular one challenges users to retype a certain text or word presented as a distorted image, on the assumption that such text will be difficult for a computer to read but still recognizable to a human. Another algorithm presents users with a sound and challenges them to write down what they have heard. But my favorite CAPTCHA implementation is the old and simple text-based challenge. It works by asking users to answer a randomly generated question, like "What is the color of the sky at night?" or a simple math question like "What is twenty divided by five?". Personally I prefer this kind of question-answer interaction to a system that asks me to write down something it shows. It feels more "human", and it works at roughly the same security level as the other methods.



