Professional Documents
Culture Documents
terminology
Introduction
The researcher
2
Softphone
Softphone is a software program for making telephone calls over
the Internet using a general purpose computer, rather than using dedicated
hardware. Often a softphone is designed to behave like a
traditional telephone, sometimes appearing as an image of a phone, with a
display panel and buttons with which the user can interact. A softphone is
usually used with a headset (Headphones) connected to the sound card of
the PC, or with a USB phone.
USBphone looks like traditional phone device, but it has USB connector
instead of RJ-11. It may be used with most softphones and services
like Skype.
Softphone Applications
A typical application of a softphone is to make calls via an Internet
telephony service provider to other softphones or to telephones. Service
providers may offer PC-to-PC calls for free; PC-to-phone and phone-to-
PC calls are usually not free.
Another type of softphone connects to a private branch
exchange (PBX) ( which is a telephone exchange that serves a
particular business or office, as opposed to one that a common
carrier or telephone company operates for many businesses or for the
general public. PBXs are also referred to as:
PABX - private automatic branch exchange
EPABX - electronic private automatic branch exchange) through
a local area network (LAN) and is used to control and dial through an
existing hardware phone. This is often used in a call
center environment to make calls from a central customer directory,
and to "pop-up" information on the screen about which customer is
calling, instantly providing the operator with details of the relationship
between the caller and the company using the call center. Some
countries do not allow this PBX.
It's important to differentiate softphones from services based on
softphones. Skype, Google Talk, and Vonage are Internet telephony
service providers having their own softphones that you install on your
computer. Unfortunately these three major providers are not
interoperable, and you can't place a direct call between them.
3
VoIP (Voice over Internet Protocol) is simply the transmission of voice
traffic over IP-based networks.
Is there a difference between making a Local Call and a Long Distance Call?
Some VoIP providers offer their services for free, normally only for calls to other
subscribers to the service. Your VoIP provider may permit you to select an area
code different from the area in which you live. It also means that people who call
you may incur long distance charges depending on their area code and service.
Some VoIP providers charge for a long distance call to a number outside your
calling area, similar to existing, traditional wireline telephone service. Other VoIP
providers permit you to call anywhere at a flat rate for a fixed number of
minutes.
4
What Are Some disadvantages of VoIP?
If you're considering replacing your traditional telephone service with VoIP, there
are some possible differences:
Some VoIP services don't work during power outages and the service
provider may not offer backup power.
Not all VoIP services connect directly to emergency services through 9-1-
1. For additional information, see VoIP & 911 Advisory.
VoIP providers may or may not offer directory assistance/white page
listings.
In addition, the FCC requires interconnected VoIP providers to comply with the
Communications Assistance for Law Enforcement Act of 1994 (CALEA) and to
contribute to the Universal Service Fund, which supports communications services
in high-cost areas and for income-eligible telephone subscribers.
For more information about VoIP see our factsheet (pdf file).
5
An ITSP (Internet Telephony Service Provider) offers an Internet data
service for making telephone calls using VoIP (Voice over IP)
technology. Most ITSPs use SIP, H.323, or IAX (althoughH.323 use is
declining)[1] for transmitting telephone calls as IP data packets.
Customers may use traditional telephones with an analog telephony
adapter (ATA) providing RJ11 to Ethernetconnection.
In the United States, net2Phone began offering consumer VoIP service in
1995.[2] Before 2003, many VoIP services required customers to make
and receive phone calls through a personal computer.
ITSPs are also known as VSP (Voice Service Provider) or simply VoIP
Providers.
6
The Session Initiation Protocol (SIP) is a signaling protocol, widely
used for controlling multimedia communication sessions such
as voice and video calls over Internet Protocol (IP). Other feasible
application examples include video conferencing, streaming
multimedia distribution, instant messaging, presence
information and online games. The protocol can be used for creating,
modifying and terminating two-party (unicast) or multiparty
(multicast) sessions consisting of one or several media streams. The
modification can involve changing addresses or ports, inviting more
participants, adding or deleting media streams, etc.
SIP was originally designed by Henning Schulzrinne and Mark
Handley starting in 1996. The latest version of the specification is RFC
3261[1] from the IETF Network Working Group.[2] In November 2000,
SIP was accepted as a 3GPP signaling protocol and permanent element of
the IP Multimedia Subsystem (IMS) architecture for IP-based streaming
multimedia services in cellular systems.
The SIP protocol is a TCP/IP-based Application Layer protocol. SIP is
designed to be independent of the underlying transport layer; it can run
on Transmission Control Protocol (TCP), User Datagram
Protocol (UDP), or Stream Control Transmission Protocol (SCTP)[3]. It is
a text-based protocol, incorporating many elements of the Hypertext
Transfer Protocol (HTTP) and theSimple Mail Transfer
Protocol (SMTP)[4], allowing for direct inspection by administrators.
Most of us use IVR systems daily to do things like check bank balances,
manage credit cards, check for store hours or locations, or order
8
prescription medicine. Human interaction is not required because the IVR
system only allows limited access to the database, though an option might
exist to be switched to a live operator during business hours. IVR systems
are also used to report non-emergency problems to cable or utility
services, and to schedule appointments with government or state offices;
for example, the Department Of Motor Vehicles. Integrating text-to-
speech (TTS) functionality, IVR systems can deliver dynamic
information as well, such as weather, news, traffic or stock reports.
Campaigns, pollsters and survey takers also make use of IVR systems. In
these cases, the system places outgoing calls. A recorded voice asks
questions and requests simple answers, like "yes," "no," or "undecided."
The IVR system might have limited to extensive built-in voice
recognition, depending on the requirements of the application. Answers
might also be directed through the phone's keypad. Press 1 for yes
and 2 for no, for example. IVR automation makes it possible to reach far
more people than through actually manning phones.
Commonly, IVR systems are installed in-house, however, there are also
"outsourced solution providers," or OSPs. These IVR providers maintain
the system on their own premises, integrating it through the client's
network. OSP solutions have advantages and disadvantages. Obvious
advantages include avoiding installation of a new IVR infrastructure, and
an IVR-savvy staff to maintain the system. Disadvantages may include a
feature-set or template that might not fit your business model as well as
you'd like, and surrendered control over critical functions deferred to the
IVR system.
9
include Gnutella, Gnutella2, eDonkey2000, the now-
defunct Kazaa network, and BitTorrent.
Many file sharing programs and services have been shut down due to
litigation by groups such as the RIAA and MPAA. During the early
2000s, the fight against copyright infringement expanded into lawsuits
against individual users of file sharing software.
The economic impact on media industries is disputed; although
publishers and copyright holders claim economic damage, some studies
have suggested that file sharing is not the primary cause of declines in
sales. File sharing remains widespread, with mixed public opinion about
the morality of the practice for commercial material).
It is still under development, and therefore may acquire more features or
other improvements in addition to those discussed in this article. This is
the communication protocol used by such clients as eMule and eDonkey
and, in its extended implementation, by theOvernet network.
Features/Strengths
10
In-System Programming
12
use the GSM standard, so that GSM is the only kind of network where
GPRS is in use. GPRS is integrated into GSM Release 97 and newer
releases. It was originally standardized by European Telecommunications
Standards Institute (ETSI), but now by the 3rd Generation Partnership
Project (3GPP).
13
computers. GPRS is based on Global System for Mobile (GSM)
communication and complements existing services such circuit-
switched cellular phone connections and the Short Message Service
(SMS).
14
which greatly reduces the interference to neighboring channels (adjacent
channel interference).
Interference with audio devices
Some audio devices are susceptible to radio frequency interference (RFI),
which could be mitigated or eliminated by use of additional shielding
and/or bypass capacitors in these audio devices. However, the increased
cost of doing so is difficult for a designer to justify. [12]
It is a common occurrence for a nearby GSM handset to induce a "dit, dit
di-dit, dit di-dit, dit di-dit" audio output on PAs, wireless microphones,
home stereo systems, televisions, computers, cordless phones, and
personal music devices. When these audio devices are in the near field of
the GSM handset, the radio signal is strong enough that the solid state
amplifiers in the audio chain act as a detector. The clicking noise itself
represents the power bursts that carry the TDMA signal. These signals
have been known to interfere with other electronic devices, such as car
stereos and portable audio players. This also depends on the handset's
design, and its conformance to strict rules and regulations allocated by the
US body, the FCC, in part 15 of its rules and regulations pertaining to
interference with electronic devices.
GSM frequencies
Main article: GSM frequency ranges
15
In some countries the GSM-900 band has been extended to cover a larger
frequency range. This 'extended GSM', E-GSM, uses 880–915 MHz
(uplink) and 925–960 MHz (downlink), adding 50 channels (channel
numbers 975 to 1023 and 0) to the original GSM-900 band. Time division
multiplexing is used to allow eight full-rate or sixteen half-rate speech
channels per radio frequency channel. There are eight radio timeslots
(giving eight burst periods) grouped into what is called a TDMA frame.
Half rate channels use alternate frames in the same timeslot. The channel
data rate for all 8 channels is 270.833 kbit/s, and the frame duration is
4.615 ms.
The transmission power in the handset is limited to a maximum of 2 watts
in GSM850/900 and 1 watt in GSM1800/1900.
Voice codecs
GSM has used a variety of voice codecs to squeeze 3.1 kHz audio into
between 5.6 and 13 kbit/s. Originally, two codecs, named after the types
of data channel they were allocated, were used, called Half Rate (6.5
kbit/s) and Full Rate (13 kbit/s). These used a system based upon linear
predictive coding (LPC). In addition to being efficient with bitrates, these
codecs also made it easier to identify more important parts of the audio,
allowing the air interface layer to prioritize and better protect these parts
of the signal.
GSM was further enhanced in 1997[13] with the Enhanced Full
Rate (EFR) codec, a 12.2 kbit/s codec that uses a full rate channel.
Finally, with the development of UMTS, EFR was refactored into a
variable-rate codec called AMR-Narrowband, which is high quality and
robust against interference when used on full rate channels, and less
robust but still relatively high quality when used in good radio conditions
on half-rate channels.
Network structure
16
The structure of a GSM network
The network behind the GSM seen by the customer is large and
complicated in order to provide all of the services which are required. It is
divided into a number of sections and these are each covered in separate
articles.
the Base Station Subsystem (the base stations and their controllers).
the Network and Switching Subsystem (the part of the network most
similar to a fixed network). This is sometimes also just called the core
network.
the GPRS Core Network (the optional part which allows packet based
Internet connections).
all of the elements in the system combine to produce many GSM
services such as voice calls and SMS.
Subscriber Identity Module (SIM)
Main article: Subscriber Identity Module
17
card containing the user's subscription information and phone book. This
allows the user to retain his or her information after switching handsets.
Alternatively, the user can also change operators while retaining the
handset simply by changing the SIM. Some operators will block this by
allowing the phone to use only a single SIM, or only a SIM issued by
them; this practice is known as SIM locking, and is illegal in some
countries.
In Australia, North America and Europe many operators lock the mobiles
they sell. This is done because the price of the mobile phone is
typically subsidised with revenue from subscriptions, and operators want
to try to avoid subsidising competitor's mobiles. A subscriber can usually
contact the provider to remove the lock for a fee, utilize private services
to remove the lock, or make use of ample software and websites available
on the Internet to unlock the handset themselves. While most web sites
offer the unlocking for a fee, some do it for free. The locking applies to
the handset, identified by its International Mobile Equipment
Identity (IMEI) number, not to the account (which is identified by
the SIM card).
In some countries such as Bangladesh, Belgium, Costa Rica, Indonesia,
Malaysia, Hong Kong and Pakistan, all phones are sold unlocked.
However, in Belgium, it is unlawful for operators there to offer any form
of subsidy on the phone's price. This was also the case in Finland
until April 1, 2006, when selling subsidized combinations of handsets and
accounts became legal, though operators have to unlock phones free of
charge after a certain period (at most 24 months).
GSM security
GSM was designed with a moderate level of security. The system was
designed to authenticate the subscriber using a pre-shared
key and challenge-response. Communications between the subscriber and
the base station can be encrypted. The development of UMTS introduces
an optional USIM, that uses a longer authentication key to give greater
security, as well as mutually authenticating the network and the user -
whereas GSM only authenticates the user to the network (and not vice
versa). The security model therefore offers confidentiality and
authentication, but limited authorization capabilities, and no non-
repudiation. GSM uses several cryptographic algorithms for security.
The A5/1 and A5/2 stream ciphers are used for ensuring over-the-air
18
voice privacy. A5/1 was developed first and is a stronger algorithm used
within Europe and the United States; A5/2 is weaker and used in other
countries. Serious weaknesses have been found in both algorithms: it is
possible to break A5/2 in real-time with a ciphertext-only attack, and in
February 2008, Pico Computing, Inc revealed its ability and plans to
commercialize FPGAs that allow A5/1 to be broken with a rainbow
table attack.[14] The system supports multiple algorithms so operators may
replace that cipher with a stronger one.
WAP
Wireless Application Protocol (commonly referred to as WAP) is
an open international standard[1] for application layer network
communications in a wireless communicationenvironment. Its main use is
to enable access to the Mobile Web from a mobile phone or PDA.
A WAP browser provides all of the basic services of a computer
based web browser but simplified to operate within the restrictions of a
mobile phone, such as its smaller view screen. WAP sites
are websites written in, or dynamically converted to, WML (Wireless
Markup Language) and accessed via the WAP browser.
Before the introduction of WAP, service providers had extremely limited
opportunities to offer interactive data services. Interactive data
applications are required to support now commonplace activities such as:
+------------------------------------------+
| Wireless Application Environment (WAE) |
+------------------------------------------+ \
19
| Wireless Session Protocol (WSP) | |
+------------------------------------------+ |
| Wireless Transaction Protocol (WTP) | | WAP
+------------------------------------------+ | protocol
| Wireless Transport Layer Security (WTLS) | | suite
+------------------------------------------+ |
| Wireless Datagram Protocol (WDP) | |
+------------------------------------------+ /
| *** Any Wireless Data Network *** |
+------------------------------------------+
Technical specifications
The WAP standard describes a protocol suite that allows the
interoperability of WAP equipment and software with many different
network technologies. The rationale for this was to build a single
platform for competing network technologies such as GSM and IS-
95 (also known as CDMA) networks.
20
This protocol suite allows a terminal to emit requests that have
an HTTP or HTTPS equivalent to a WAP gateway; the gateway translates
requests into plain HTTP.
Bluetooth
Bluetooth is an open wireless protocol for exchanging data over short
distances from fixed and mobile devices, creating personal area
networks (PANs). It was originally conceived as a wireless alternative
to RS232 data cables. It can connect several devices, overcoming
problems of synchronization.
List of applications
21
For controls where infrared was traditionally used.
For low bandwidth applications where higher [USB] bandwidth is not
required and cable-free connection desired.
Sending small advertisements from Bluetooth-enabled advertising
hoardings to other, discoverable, Bluetooth devices[citation needed].
Wireless bridge between two Industrial Ethernet (e.g., PROFINET)
networks.
Two seventh-generation game consoles, Nintendo's Wii[6] and
Sony's PlayStation 3, use Bluetooth for their respective wireless
controllers.
Dial-up internet access on personal computers or PDAs using a data-
capable mobile phone as a modem.
Bluetooth devices
22
address and permission configuration can be automated than with many
other network types.
Wi-Fi
Main article: Wi-Fi
23
phones, miceand keyboards). While some desktop computers and most
recent laptops come with a built-in Bluetooth adapter, others will require
an external one in the form of a dongle.
Unlike its predecessor, IrDA, which requires a separate adapter for each
device, Bluetooth allows multiple devices to communicate with a
computer over a single adapter.
24
Specifications and features
25
functions by rapidly disconnecting and connecting the calling party's
telephone line, similar to flicking a light switch on and off. The repeated
connection and disconnection, as the dial spins, sounds like a series of
clicks. The exchange equipment counts those clicks or dial pulses to
determine the called number. Loop disconnect range was restricted by
telegraphic distortion and other technical problems, and placing calls over
longer distances required either operator assistance (operators used an
earlier kind of multi-frequency dial) or the provision of subscriber trunk
dialing equipment.
Dual Tone Multi-Frequency, or DTMF, is a method for instructing a
telephone switching system of the telephone number to be dialed, or to
issue commands to switching systems or related telephony equipment.
The DTMF dialing system traces its roots to a technique developed
by Bell Labs in the 1940s called MF (Multi-Frequency) which was
deployed within the AT&T telephone network to direct calls between
switching facilities using in-band signaling. In the early 1960s, a
derivative technique was offered by AT&T through its Bell
System telephone companies as a "modern" way for network customers
to place calls. In AT&Ts Compatibility Bulletin No. 105, AT&T
described the product as "a method for pushbutton signaling from
customer stations using the voice transmission path."
The consumer product was marketed by AT&T under the registered trade
name Touch-Tone. Other vendors of compatible telephone equipment
called this same system "Tone" dialing or "DTMF," or used their own
registered trade names such as the "Digitone" of Northern Electric (now
known as Nortel Networks).
The DTMF system uses eight different frequency signals transmitted in
pairs to represent sixteen different numbers, symbols and letters - as
detailed below.
#, *, A, B, C, and D
The engineers had envisioned phones being used to access computers,
and surveyed a number of companies to see what they would need for this
role. This led to the addition of thenumber sign (#, sometimes called
'octothorpe' or 'pound' in this context) and asterisk or "star" (*) keys as
well as a group of keys for menu selection: A, B, C and D. In the end, the
lettered keys were dropped from most phones, and it was many years
26
before these keys became widely used for vertical service codes such as
*67 in the United States and Canada to suppresscaller ID.
Public payphones that accept credit cards use these additional codes to
send the information from the magnetic strip.
The U.S. military also used the letters, relabeled, in their now
defunct Autovon phone system[1]. Here they were used before dialing the
phone in order to give some calls priority, cutting in over existing calls if
need be. The idea was to allow important traffic to get through every
time. The levels of priority available were Flash Override (A), Flash (B),
Immediate (C), and Priority (D), with Flash Override being the highest
priority. Pressing one of these keys gave your call priority, overriding
other conversations on the network. Pressing C, Immediate, before
dialing would make the switch first look for any free lines, and if all lines
were in use, it would disconnect any non-priority calls, and then any
priority calls. Flash Override will kick every other call off the trunks
between the origin and destination. Consequently, it was limited to
the White House Communications Agency.
Precedence dialing is still done on the military phone networks, but using
number combinations (Example: Entering 93 before a number is a
priority call) rather than the separate tones and the Government
Emergency Telecommunications Service has superseded Autovon for any
civilian priority telco access.
DTMF Push-To-Talk
ID
27
listening in on calls). Their use is probably prohibited by most carriers.
The A, B, C and D tones are used in amateur radio phone patch and
repeater operations to allow, among other uses, control of the repeater
while connected to an active phone line.
DTMF tones are also used by some cable television networks and radio
networks to signal the local cable company/network station to insert a
local advertisement or station identification. These tones were often heard
during a station ID preceding a local ad insert. Previously, terrestrial
television stations also used DTMF tones to shut off and turn on remote
transmitters.
DTMF tones are also sometimes used in caller ID systems to transfer the
caller ID information, however in the USA only Bell
202 modulated FSK signaling is used to transfer the data.
A DTMF can be heard on most Whelen Outdoor Warning systems.
Keypad
Main article: Telephone keypad
The DTMF keypad is laid out in a 4×4 matrix, with each row
representing a low frequency, and each column representing
a high frequency. Pressing a single key (such as '1' ) will send
28
a sinusoidal tone for each of the two frequencies (697 and
1209 hertz (Hz)). The original keypads had levers inside, so each button
activated two contacts. The multiple tones are the reason for calling the
system multifrequency. These tones are then decoded by the switching
center to determine which key was pressed.
697 Hz 1 2 3 A
770 Hz 4 5 6 B
852 Hz 7 8 9 C
941 Hz * 0 # D
Low High
Event
frequency frequency
29
Ringback tone (US) 440 Hz 480 Hz
The tone frequencies, as defined by the Precise Tone Plan, are selected
such that harmonics and intermodulation products will not cause an
unreliable signal. No frequency is a multiple of another, the difference
between any two frequencies does not equal any of the frequencies, and
the sum of any two frequencies does not equal any of the frequencies.
The frequencies were initially designed with a ratio of 21/19, which is
slightly less than a whole tone. The frequencies may not vary more than
±1.8% from their nominal frequency, or the switching center will ignore
the signal. The high frequencies may be the same volume or louder as the
low frequencies when sent across the line. The loudness difference
between the high and low frequencies can be as large as 3 decibels (dB)
and is referred to as "twist." The minimum duration of the tone should be
at least 70 ms, although in some countries and applications DTMF
receivers must be able to reliably detect DTMF tones as short as 45ms.
As with other multi-frequency receivers, DTMF was originally decoded
by tuned filter banks. Late in the 20th century most were replaced with
digital signal processors. DTMF can be decoded using the Goertzel
algorithm.
Synonyms include multifrequency pulsing and multifrequency signaling.
30
code under the Eclipse Public License (EPL) was slated for completion in
2010.[2]
The term 'Symbian OS' went out of current use with the advent of the
Symbian platform, however the software itself, as described in this entry,
did not.
Symbian features pre-emptive multitasking and memory protection, like
other operating systems (especially those created for use on desktop
computers). EPOC's approach to multitasking was inspired by VMS and
is based on asynchronous server-based events.
Symbian OS was created with three systems design principles in mind:
31
Symbian EKA2 phones to become smaller, cheaper and more power
efficient than their predecessors[citation needed].
Competition
UI Framework Layer
Application Services Layer
Java ME
OS Services Layer
generic OS services
communications services
multimedia and graphics services
connectivity services
Base Services Layer
Kernel Services & Hardware Interface Layer
The Base Services Layer is the lowest level reachable by user-side
operations; it includes the File Server and User Library, a Plug-
In Framework which manages all plug-ins, Store, Central
Repository, DBMS and cryptographic services. It also includes the Text
Window Server and the Text Shell: the two basic services from which a
completely functional port can be created without the need for any higher
layer services.
Symbian has a microkernel architecture, which means that the minimum
necessary is within the kernel to maximise robustness, availability and
responsiveness. It contains a scheduler,memory management and device
drivers, but other services like networking, telephony
and filesystem support are placed in the OS Services Layer or the Base
32
Services Layer. The inclusion of device drivers means the kernel is not
a true microkernel. The EKA2 real-time kernel, which has been termed
a nanokernel, contains only the most basic primitives and requires an
extended kernel to implement any other abstractions.
Symbian is designed to emphasize compatibility with other devices,
especially removable media file systems. Early development of EPOC led
to adopting FAT as the internal file system, and this remains, but an
object-oriented persistence model was placed over the underlying FAT to
provide a POSIX-style interface and a streaming model. The internal data
formats rely on using the same APIs that create the data to run all file
manipulations. This has resulted in data-dependence and associated
difficulties with changes and data migration.
There is a large networking and communication subsystem, which has
three main servers called: ETEL (EPOC telephony), ESOCK (EPOC
sockets) and C32 (responsible for serial communication). Each of these
has a plug-in scheme. For example ESOCK allows different ".PRT"
protocol modules to implement various networking protocol schemes.
The subsystem also contains code that supports short-range
communication links, such as Bluetooth, IrDA and USB.
There is also a large volume of user interface (UI) Code. Only the base
classes and substructure were contained in Symbian OS, while most of
the actual user interfaces were maintained by third parties. This is no
longer the case. The three major UIs - S60, UIQ and MOAP - were
contributed to Symbian in 2009. Symbian also contains graphics, text
layout and font rendering libraries.
All native Symbian C++ applications are built up from three framework
classes defined by the application architecture: an application class, a
document class and an application user interface class. These classes
create the fundamental application behaviour. The remaining required
functions, the application view, data model and data interface, are created
independently and interact solely through their APIs with the other
classes.
Many other things do not yet fit into this model – for
example, SyncML, Java ME providing another set of APIs on top of most
of the OS and multimedia. Many of these are frameworks, and vendors
are expected to supply plug-ins to these frameworks from third parties
(for example, Helix Player for multimedia codecs). This has the
33
advantage that the APIs to such areas of functionality are the same on
many phone models, and that vendors get a lot of flexibility. But it means
that phone vendors needed to do a great deal of integration work to make
a Symbian OS phone.
Symbian includes a reference user-interface called "TechView". It
provides a basis for starting customisation and is the environment in
which much Symbian test and example code runs. It is very similar to the
user interface from the Psion Series 5 personal organiser and is not used
for any production phone user interface.
The Symbian platform is an open source operating system for mobile
devices. It was created by merging and integrating software assets
contributed by Nokia, NTT DoCoMo, and Sony Ericsson,
including Symbian OS, the S60, UIQ and MOAP(S) user interfaces.
34
32-Bit Operating Systems
Refers to the number of bits that can be processed or transmitted in
parallel, or the number of bits used for single element in a data format.
The term is often applied to the following:
IBM's OS/2 is a 32-bit operating system that lets users run DOS,
Windows and OS/2 programs simultaneously. The effects of computer
viruses on OS/2 systems is described elsewhere. Boot viruses do not
generally spread from within OS/2 itself, though they can spread from
systems that have DOS as well as OS/2 installed in separate partitions.
File viruses can often spread to other files when infected programs are
run in Virtual DOS Machines (VDM) within OS/2. However, they remain
active in the system only as long as the infected VDM is active, which is
often only as long as the infected program is running. Some file viruses
are likely to not spread in VDMs, simply because of differences between
VDMs and DOS. This decreases the rate at which file viruses spread in
collections of OS/2 systems. In environments in which OS/2
predominates over DOS, we would expect this to lead to a decline in
prevalence of all current DOS viruses.
35
general spread well from Windows 95 systems. File viruses were not
tested in these experiments.
Not all of the news is good, however. Viruses can be written for 32-bit
operating systems, and the first few such crude viruses have already
appeared . These operating systems offer new facilities that viruses can
use to both hide and spread. The transition to these newer operating
systems will change the virus problem, perhaps significantly, but it will
not eliminate it.
-------------------------------------
Ad hoc is a Latin phrase which means "for this [purpose]". It generally
signifies a solution designed for a specific problem or task, non-
generalizable, and which cannot be adapted to other purposes.
Common examples are organizations, committees, and commissions
created at the national or international level for a specific task. In other
fields the term may refer, for example, to a tailor-made suit, a
handcrafted network protocol or a purpose-specific equation. Ad hoc can
also have connotations of a makeshift solution, inadequate planning, or
improvised events. Other derivatives of the Latin include AdHoc, adhoc
and ad-hoc.
36
An ad hoc organization may have, in some cases, a long-term or
indefinite duration of existence. In these cases, an initial workgroup or
forum may give place to a more permanent form of organization. A
typical example is the OSCE.
Under the Anglo-American Cataloguing Rules, ad hoc events such as
athletic contests, exhibitions, expeditions, fairs, and festivals are
considered to be corporate bodies, and can be used as corporate body
access points.
Ad hoc hypothesis
Main article: Ad hoc hypothesis
Ad hoc pronunciation
Many reference works employ ad hoc pronunciation schemas as a way of
indicating how words are pronounced. These are especially popular
in U.S. published works[citation needed], such as the Merriam-
Webster dictionary. An example of an ad hoc pronunciation would be
"DIK-shuh-nair-ee", where the capitalization shows which syllable is
stressed. This is in contrast to systems such as the International Phonetic
37
Alphabet, which attempt to put pronunciation schemes on a standard
footing.
Critics of ad hoc schemes point out that such schemes are inherently self-
referential, since they rely on the ability of the reader to already know
how a large number of words are commonly pronounced.
As its name suggests, there is no "standard" ad hoc schema, and so
examples will vary considerably according to the publication's whim. In
contrast, the IPA seeks to base pronunciation solely on vocal
tract configurations and on the phonemes produced, though very often
neo-common simple words are used to illustrate how the IPA applies in a
specific language.
Proponents of ad hoc claim that it is much easier to use than IPA, though
will often concur that this is usually only because the pronunciation is
already known.
Ad hoc querying
Ad hoc querying is a term in information science.
Many application software systems have an underlying database which
can be accessed by only a limited number of queries and reports.
Typically these are available via some sort of menu, and will have been
carefully designed, pre-programmed and optimized for performance by
expert programmers.
By contrast, "ad hoc" reporting systems allow the users themselves to
create specific, customized queries. Typically this would be via a user-
friendly GUI-based system without the need for the in-depth knowledge
of SQL, or database schema that a programmer would have.
Because such reporting has the potential to severely degrade the
performance of a live system, it is usually provided over a data
warehouse.
Ad hoc querying/reporting is a business intelligence subtopic, along
with OLAP, Data warehousing, data mining and other tools.
------------------------------------------------
Wireshark
38
Wireshark
Wireshark on Ubuntu
Written in C
Website http://www.wireshark.org/
39
Contents
[hide]
1 The functionality
2 History
3 Features
4 Security
5 Ports
6 References
7 Bibliography
8 External links
The functionality
Wireshark is very similar to tcpdump, but it has a graphical front-end, and
many more information sorting and filtering options. It allows the user to
see all traffic being passed over the network (usually an Ethernet network
but support is being added for others) by putting the network interface
into promiscuous mode.
Wireshark uses the cross-platform GTK+ widget toolkit, and is cross-
platform, running on various computer operating
systemsincluding Linux, Mac OS X, and Microsoft Windows. Released
under the terms of the GNU General Public License, Wireshark isfree
software.
History
40
GPL), so he took theSubversion repository for Ethereal and used it as the
basis for the Subversion repository of Wireshark.
Ethereal development has ceased, and an Ethereal security advisory
recommended switching to Wireshark.[2]
eWEEK Labs named Wireshark one of "The Most Important Open-
Source Apps of All Time" as of May 2, 2007.[3]
Features
Data can be captured "from the wire" from a live network connection
or read from a file that records the already-captured packets.
Live data can be read from a number of types of network,
including Ethernet, IEEE 802.11, PPP, and loopback.
Captured network data can be browsed via a GUI, or via the terminal
(command line) version of the utility, tshark.
Captured files can be programmatically edited or converted via
command-line switches to the "editcap" program.
Data display can be refined using a display filter.
Plugins can be created for dissecting new protocols.
Wireshark's native network trace file format is the libpcap format
supported by libpcap and WinPcap, so it can read capture files from
applications such as tcpdump and CA NetMaster that use that format, and
its captures can be read by applications that use libpcap or WinPcap to
read capture files. It can also read captures from other network analyzers,
such as snoop,Network General's Sniffer, and Microsoft Network
Monitor.
Security
Ports
42
A device that performs modulation is known as a modulator and a device that performs the
inverse operation of modulation is known as ademodulator (sometimes detector or demod). A
device that can do both operations is a modem (short for "Modulator-Demodulator")) an
analog carrier signal (n telecommunications, a carrier wave, or carrier is
a waveform (usually sinusoidal) that is modulated (modified) with an input signal for the
purpose of conveying information.[1] This carrier wave is usually of much
higher frequency than the input signal.
Frequency modulation (FM) and amplitude modulation (AM) are commonly used methods to
modulate the carrier. In the case of single-sideband modulation (SSB) the carrier is
suppressed (and in some forms of SSB eliminated). The carrier must be reintroduced at the
receiver by a beat frequency oscillator (BFO).
The frequency for a given radio or television station is actually the carrier wave's center
frequency. In the fields of communications, signal processing, and in electrical
engineering more generally, a signal is any time-varying or spatial-varying quantity.
In the physical world, any quantity measurable through time or over space can be taken as a
signal. Within a complex society, any set of human information or machine data can also be
taken as a signal. Such information or machine data (for example, the dots on a screen, the
ink making up text on a paper page, or the words now flowing into the reader's mind) must all
be part of systems existing in the physical world – either living or non-living.)
An analog signal uses some property of the medium to convey the signal's information. For
example, an aneroid barometer uses rotary position as the signal to convey pressure
information. Electrically, the property most commonly used is voltage followed closely
by frequency, current, and charge.
43
Any information may be conveyed by an analog signal; often such a signal is a
measured response to changes in physical phenomena, such
as sound, light, temperature, position, orpressure, and is achieved using a transducer.
For example, in sound recording, fluctuations in air pressure (that is to say, sound) strike the
diaphragm of a microphone which induces corresponding fluctuations in the current produced
by a coil in an electromagnetic microphone, or the voltage produced by a condensor
microphone. The voltage or the current is said to be an "analog" of the sound.
An analog signal has a theoretically infinite resolution. In practice an analog signal is subject
to noise and a finite slew rate. Therefore, both analog and digital systems are subject to
limitations in resolution and bandwidth. As analog systems become more complex, effects
such as non-linearity and noise ultimately degrade analog resolution to such an extent that
the performance of digital systems may surpass it. Similarly, as digital systems become more
complex, errors can occur in the digital data stream. A comparable performing digital system
is more complex and requires more bandwidth than its analog counterpart.[citation needed] In
analog systems, it is difficult to detect when such degradation occurs. However, in digital
systems, degradation can not only be detected but corrected as well.), from
driven diodes (In electronics, a diode is a two-terminal P-N junction device
(thermionic diodes may also have one or two ancillary terminals for a heater).
Diodes have two active electrodes between which the signal of interest may flow, and most
are used for their unidirectional electric current property.
Real diodes do not display such a perfect on-off directionality but have a more complex non-
linear electrical characteristic, which depends on the particular type of diode technology.
Diodes also have many other functions in which they are not designed to operate in this on-off
manner.
44
Early diodes included “cat’s whisker” crystals and vacuum tube devices (also called
thermionic valves). Today most diodes are made of silicon, but othersemiconductors such
as germanium are sometimes used.) to radio (Radio is the transmission of signals
by modulation of electromagnetic waves with frequencies below those of visible
light.[1]Electromagnetic radiation travels by means of oscillating electromagnetic fields that
pass through the air and the vacuum of space. Information is carried by systematically
changing (modulating) some property of the radiated waves, such as amplitude, frequency,
orphase. When radio waves pass an electrical conductor, the oscillating fields induce an
alternating current in the conductor. This can bedetected and transformed into sound or other
signals that carry information.).
The most familiar example is a voice band modem that turns the
digital 1s and 0s (The binary numeral system, or base-2 number system represents
numeric values using two symbols, usually 0 and 1. More specifically, the usualbase-2 system
is a positional notation with a radix of 2. Owing to its straightforward implementation in digital
electronic circuitry using logic gates, the binary system is used internally by all
modern computers) ofa personal computer into sounds that can be
transmitted over thetelephone lines of Plain Old Telephone Systems
(POTS) (Plain old telephone service (POTS) is the voice-grade telephone service that
remains the basic form of residential and small business service connection to the telephone
network in most parts of the world. The name is a retronym, and is a reflection of the
telephone service still available after the advent of more advanced forms of telephony such
as ISDN, mobile phones and VoIP. POTS has been available almost since the introduction of
the public telephone system in the late 19th century, in a form mostly unchanged to the
normal user despite the introduction of Touch-Tone dialing, electronic telephone
exchanges and fiber-optic communication into the public switched telephone network (PSTN).
The system was originally known as the Post Office Telephone Service or Post Office
Telephone System in many countries. The term was dropped as telephone services were
removed from the control of national post offices),
and once received on the other
side, converts those 1s and 0s back into a form used by a USB, Ethernet,
serial, or network connection.
Modems are generally classified by the amount of data they can send in a
given time, normally measured in bits per second, or "bps". They can also
be classified by Baud, the number of times the modem changes its signal
state per second. For example, the ITU V.21 standard used audio
frequency-shift keying, aka tones, to carry 300 bit/s using 300 baud,
45
whereas the original ITU V.22 standard allowed 1200 bit/s with 600 baud
using phase-shift keying.
Faster modems are used by Internet users every day, notably cable
modems and ADSL modems. In telecommunications, "wide band radio
modems" transmit repeating frames of data at very high data rates
over microwave radio links. Narrow band radio modem is used for low
data rate up to 19.2k mainly for private radio networks. Some microwave
modems transmit more than a hundred million bits per second. Optical
modems transmit data over optical fibers. Most intercontinental data links
now use optical modems transmitting over undersea optical fibers.
Optical modems routinely have data rates in excess of a billion (1x109)
bits per second. One kilobit per second (kbit/s or kb/s or kbps) as used in
this article means 1000 bits per second and not 1024 bits per second. For
example, a 56k modem can transfer data at up to 56,000 bits (7kB) per
second over the phone line.
=
MSISDN is a number uniquely identifying a subscription in
a GSM or UMTS mobile network. Simply put, it is the telephone number
to the SIM card in a mobile/cellular phone. The abbreviation has several
interpretations, most common one being "Mobile Subscriber Integrated
Services Digital Network Number".[1]
The MSISDN together with IMSI are two important numbers used to
identify a mobile subscriber. The former identifies the SIM, i.e. the card
that is inserted into the mobile phone, while the latter is used to route
calls to the subscriber. IMSI is often used as a key in
the HLR ("subscriber database") and MSISDN is the number normally
dialed to connect a call to the mobile phone. A SIM is uniquely
associated to an IMSI, while the MSISDN can change in time (e.g. due
to number portability), i.e. different MSISDNs can be associated to
the SIM.
The MSISDN follows the numbering plan defined in the ITU-
T recommendation E.164.
Mobile Station International Subscriber Directory Number (MSISDN) - a
number used to identify a mobile phone number internationally. MSISDN
is defined by the E.164 numbering plan. This number includes a country
46
code and a National Destination Code which identifies the subscriber's
operator.
47
Web APIs
When used in the context of web development, an API is typically a
defined set of Hypertext Transfer Protocol (HTTP) request messages
along with a definition of the structure of response messages, usually
expressed in an Extensible Markup Language (XML) or JavaScript
Object Notation (JSON) format. While "Web API" is virtually a synonym
for web service, the recent trend (so-called Web 2.0) has been away from
Simple Object Access Protocol (SOAP) based services towards more
direct Representational State Transfer (REST) style communications[5].
Web APIs allow the combination of multiple services into new
applications known as mashups [6].
48
*101#
*109*72348937857623#
After entering a USSD code on your GSM handset, the reply from
the GSM operator is displayed within a few seconds.
USSD is the base of some payment methods such as SharEpay, SWAP
Mobile in South Africa, Mobipay in Spain, M-Pesa in Kenya,
and mPay in Poland.
=
Crystal Reports is a business intelligence application used to design and
generate reports from a wide range of data sources. Several other
applications, such as Microsoft Visual Studio, bundle an OEM version of
Crystal Reports as a general purpose reporting tool.[1] Crystal Reports
became the de facto standard report writer when Microsoft released it
with Visual Basic.[citation needed]
=
The Java Naming and Directory Interface (JNDI) is a Java API for a
directory service that allows Java software clients to discover and look up
data and objects via a name. Like all Java APIs that interface with host
systems, JNDI is independent of the underlying implementation.
Additionally, it specifies a service provider interface (SPI) that allows
directory service implementations to be plugged into the framework. The
implementations may make use of a server, a flat file, or a database; the
choice is up to the vendor.
The Java Naming and Directory Interface (JNDI) is part of the Java
platform, providing applications based on Java technology with a unified
interface to multiple naming and directory services. Powerful and
portable directory-enabled applications can be built using this industry
standard.
Application server
Jump to: navigation, search
50
Contents
Following the success of the Java platform, the term application server
sometimes refers to a J2EE or Java EE 5 application server. Some of the
better-known Java Enterprise Edition application servers include:
52
3. The browser checks that the certificate was issued by a trusted party (usually a
trusted root CA), that the certificate is still valid and that the certificate is
related to the site contacted.
4. The browser then uses the public key, to encrypt a random symmetric
encryption key and sends it to the server with the encrypted URL required as
well as other encrypted http data.
5. The web server decrypts the symmetric encryption key using its private key
and uses the symmetric key to decrypt the URL and http data.
6. The web server sends back the requested html document and http data
encrypted with the symmetric key.
7. The browser decrypts the http data and html document using the symmetric
key and displays the information.
The encryption using a private key/public key pair ensures that the data can be
encrypted by one key but can only be decrypted by the other key pair. This is
sometime hard to understand, but believe me it works. The keys are similar in nature
and can be used alternatively: what one key emcrypts, the other key pair can decrypt.
The key pair is based on prime numbers and their length in terms of bits ensures the
difficulty of being able to decrypt the message without the key pairs. The trick in a
key pair is to keep one key secret (the private key) and to distribute the other key (the
public key) to everybody. Anybody can send you an encrypted message, that only you
will be able to decrypt. You are the only one to have the other key pair, right? In the
opposite , you can certify that a message is only coming from you, because you have
encrypted it with you private key, and only the associated public key will decrypt it
correctly. Beware, in this case the message is not secured you have only signed it.
Everybody has the public key, remember!
One of the problem left is to know the public key of your correspondent. Usually you
will ask him to send you a non confidential signed message that will contains his
publick key as well as a certificate.
How do you know that you are dealing with the right person or rather the right web
site. Well, someone has taken great length (if they are serious) to ensure that the web
site owners are who they claim to be. This someone, you have to implicitly trust: you
have his/her certificate loaded in your browser (a root Certificate). A certificate,
contains information about the owner of the certificate, like e-mail address, owner's
name, certificate usage, duration of validity, resource location or Distinguished Name
(DN) which includes the Common Name (CN) (web site address or e-mail address
depending of the usage) and the certificate ID of the person who certifies (signs) this
information. It contains also the public key and finally a hash to ensure that the
certificate has not been tampered with. As you made the choice to trust the person
who signs this certificate, therefore you also trust this certificate. This is a certificate
53
trust tree or certificate path. Usually your browser or application has already loaded
the root certificate of well known Certification Authorities (CA) or root CA
Certificates. The CA maintains a list of all signed certificates as well as a list of
revoked certificates. A certificate is insecure until it is signed, as only a signed
certificate cannot be modified. You can sign a certificate using itself, it is called a self
signed certificate. All root CA certificates are self signed.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT, CN=SOPAC Root
CA/Email=administrator@sopac.org
Validity
Not Before: Nov 20 05:47:44 2001 GMT
Not After : Nov 20 05:47:44 2002 GMT
Subject: C=FJ, ST=Fiji, L=Suva, O=SOPAC, OU=ICT,
CN=www.sopac.org/Email=administrator@sopac.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ba:54:2c:ab:88:74:aa:6b:35:a5:a9:c1:d0:5a:
9b:fb:6b:b5:71:bc:ef:d3:ab:15:cc:5b:75:73:36:
b8:01:d1:59:3f:c1:88:c0:33:91:04:f1:bf:1a:b4:
7a:c8:39:c2:89:1f:87:0f:91:19:81:09:46:0c:86:
08:d8:75:c4:6f:5a:98:4a:f9:f8:f7:38:24:fc:bd:
94:24:37:ab:f1:1c:d8:91:ee:fb:1b:9f:88:ba:25:
da:f6:21:7f:04:32:35:17:3d:36:1c:fb:b7:32:9e:
42:af:77:b6:25:1c:59:69:af:be:00:a1:f8:b0:1a:
6c:14:e2:ae:62:e7:6b:30:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
FE:04:46:ED:A0:15:BE:C1:4B:59:03:F8:2D:0D:ED:2A:E0:ED:F9:2F
X509v3 Authority Key Identifier:
keyid:E6:12:7C:3D:A1:02:E5:BA:1F:DA:9E:37:BE:E3:45:3E:9B:AE:E5:A6
DirName:/C=FJ/ST=Fiji/L=Suva/O=SOPAC/OU=ICT/CN=SOPAC
Root CA/Email=administrator@sopac.org
serial:00
Signature Algorithm: md5WithRSAEncryption
34:8d:fb:65:0b:85:5b:e2:44:09:f0:55:31:3b:29:2b:f4:fd:
aa:5f:db:b8:11:1a:c6:ab:33:67:59:c1:04:de:34:df:08:57:
2e:c6:60:dc:f7:d4:e2:f1:73:97:57:23:50:02:63:fc:78:96:
34:b3:ca:c4:1b:c5:4c:c8:16:69:bb:9c:4a:7e:00:19:48:62:
e2:51:ab:3a:fa:fd:88:cd:e0:9d:ef:67:50:da:fe:4b:13:c5:
0c:8c:fc:ad:6e:b5:ee:40:e3:fd:34:10:9f:ad:34:bd:db:06:
ed:09:3d:f2:a6:81:22:63:16:dc:ae:33:0c:70:fd:0a:6c:af:
bc:5a
-----BEGIN CERTIFICATE-----
MIIDoTCCAwqgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCRkox
DTALBgNVBAgTBEZpamkxDTALBgNVBAcTBFN1dmExDjAMBgNVBAoTBVNPUEFDMQww
54
CgYDVQQLEwNJQ1QxFjAUBgNVBAMTDVNPUEFDIFJvb3QgQ0ExJjAkBgkqhkiG9w0B
CQEWF2FkbWluaXN0cmF0b3JAc29wYWMub3JnMB4XDTAxMTEyMDA1NDc0NFoXDTAy
MTEyMDA1NDc0NFowgYkxCzAJBgNVBAYTAkZKMQ0wCwYDVQQIEwRGaWppMQ0wCwYD
VQQHEwRTdXZhMQ4wDAYDVQQKEwVTT1BBQzEMMAoGA1UECxMDSUNUMRYwFAYDVQQD
Ew13d3cuc29wYWMub3JnMSYwJAYJKoZIhvcNAQkBFhdhZG1pbmlzdHJhdG9yQHNv
cGFjLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAulQsq4h0qms1panB
0Fqb+2u1cbzv06sVzFt1cza4AdFZP8GIwDORBPG/GrR6yDnCiR+HD5EZgQlGDIYI
2HXEb1qYSvn49zgk/L2UJDer8RzYke77G5+IuiXa9iF/BDI1Fz02HPu3Mp5Cr3e2
JRxZaa++AKH4sBpsFOKuYudrMOkCAwEAAaOCARUwggERMAkGA1UdEwQCMAAwLAYJ
YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud
DgQWBBT+BEbtoBW+wUtZA/gtDe0q4O35LzCBtgYDVR0jBIGuMIGrgBTmEnw9oQLl
uh/anje+40U+m67lpqGBj6SBjDCBiTELMAkGA1UEBhMCRkoxDTALBgNVBAgTBEZp
amkxDTALBgNVBAcTBFN1dmExDjAMBgNVBAoTBVNPUEFDMQwwCgYDVQQLEwNJQ1Qx
FjAUBgNVBAMTDVNPUEFDIFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF2FkbWluaXN0
cmF0b3JAc29wYWMub3JnggEAMA0GCSqGSIb3DQEBBAUAA4GBADSN+2ULhVviRAnw
VTE7KSv0/apf27gRGsarM2dZwQTeNN8IVy7GYNz31OLxc5dXI1ACY/x4ljSzysQb
xUzIFmm7nEp+ABlIYuJRqzr6/YjN4J3vZ1Da/ksTxQyM/K1ute5A4/00EJ+tNL3b
Bu0JPfKmgSJjFtyuMwxw/Qpsr7xa
-----END CERTIFICATE-----
As You may have noticed, the certificate contains the reference to the issuer, the
public key of the owner of this certificate, the dates of validity of this certificate and
the signature of the certificate to ensure this certificate hasen't been tampered with.
The certificate does not contain the private key as it should never be transmitted in
any form whatsoever. This certificate has all the elements to send an encrypted
message to the owner (using the public key) or to verify a message signed by the
author of this certificate.
Well, Private Key/Public Key encryption algorithms are great, but they are not usually
practical. It is asymmetric because you need the other key pair to decrypt. You can't
use the same key to encrypt and decrypt. An algorithm using the same key to decrypt
and encrypt is deemed to have a symmetric key. A symmetric algorithm is much
faster in doing its job than an asymmetric algorithm. But a symmetric key is
potentially highly insecure. If the enemy gets hold of the key then you have no more
secret information. You must therefore transmit the key to the other party without the
enemy getting its hands on it. As you know, nothing is secure on the Internet. The
solution is to encapsulate the symmetric key inside a message encrypted with an
asymmetric algorithm. You have never transmitted your private key to anybody, then
the message encrypted with the public key is secure (relatively secure, nothing is
certain except death and taxes). The symmetric key is also chosen randomly, so that if
the symmetric secret key is discovered then the next transaction will be totally
different.
55
Albert Einstein... So algorithms cannot be patented except mainly in USA. OpenSSL
is developed in a country where algorithms cannot be patented and where encryption
technology is not reserved to state agencies like military and secret services. During
the negotiation between browser and web server, the applications will indicate to each
other a list of algorithms that can be understood ranked by order of preference. The
common preferred algorithm is then chosen. OpenSSL can be compiled with or
without certain algorithms, so that it can be used in many countries where restrictions
apply.
A hash is a number given by a hash function from a message. This is a one way
function, it means that it is impossible to get the original message knowing the hash.
However the hash will drastically change even for the slightest modification in the
message. It is therefore extremely difficult to modify a message while keeping its
original hash. It is also called a message digest. Hash functions are used in password
mechanisms, in certifying that applications are original (MD5 sum), and in general in
ensuring that any message has not been tampered with. It seems that the Internet
Enginering Task Force (IETF) prefers SHA1 over MD5 for a number of technical
reasons (Cf RFC2459 7.1.2 and 7.1.3).
1.2.6. Signing:
Signing a message, means authentifying that you have yourself assured the
authenticity of the message (most of the time it means you are the author, but not
neccesarily). The message can be a text message, or someone else's certificate. To
sign a message, you create its hash, and then encrypt the hash with your private key,
you then add the encrypted hash and your signed certificate with the message. The
recipient will recreate the message hash, decrypts the encrypted hash using your well
known public key stored in your signed certificate, check that both hash are equals
and finally check the certificate.
The other advantage of signing your messages is that you transmit your public key
and certificate automatically to all your recipients.
There are usually 2 ways to sign, encapsulating the text message inside the signature
(with delimiters), or encoding the message altogether with the signature. This later
form is a very simple encryption form as any software can decrypt it if it can read the
embedded public key. The advantage of the first form is that the message is human
readable allowing any non complaint client to pass the message as is for the user to
read, while the second form does not even allow to read part of the message if it has
been tampered with.
1.2.7. PassPhrase:
56
1.2.8. Public Key Infrastructure
The Public Key Infrastructure (PKI) is the software management system and database
system that allows to sign certifcate, keep a list of revoked certificates, distribute
public key,... You can usually access it via a website and/or ldap server. There will be
also some people checking that you are who you are... For securing individual
applications, you can use any well known commercial PKI as their root CA certificate
is most likely to be inside your browser/application. The problem is for securing e-
mail, either you get a generic type certificate for your e-mail or you must pay about
USD100 a year per certificate/e-mail address. There is also no way to find someone's
public key if you have never received a prior e-mail with his certificate (including his
public key).
-------------
First never use your self-signed root CA Certificate with any application and
especially with apache as it requires you to remove the passphrase on your private
key.
First generate and sign a certificate request with the Common Name (CN) as
www.mysite.com. Remove any extra information to keep only the ---CERTIFCATE -
-- part.
The key needs to be made insecure, so no password is required when reading the
private key. Take the newreq.pem files that contains your private key and remove the
passphrase from it.
Because the key (PRIVATE Key) is insecure, you must know what you are doing:
check file permissions, etc... If someone gets its hand on it, your site is compromised
(you have been warned). Now you can use the newcert and cakeyunsecure.pem for
apache.
Edit /etc/httpd/conf/ssl/ssl.default-vhost.conf.
----
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
57
# certificate can be generated with `make certificate' under
# built time.
#SSLCertificateFile conf/ssl/ca.crt
SSLCertificateFile wwwcert.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file.
#SSLCertificateKeyFile conf/ssl/ca.key.unsecure
SSLCertificateKeyFile wwwkeyunsecure.pem
----
Stop and start httpd (/etc/rc.d/init.d/httpd stop) ensure that all processes are dead
(killall httpd) and start httpd (/etc/rc.d/init.d/httpd start)
Read the paragraph on “Using a certificate with POPS”, for more information.
A pem file for ipop3sd can be created by generating a certificate, unsecuring the
private key and combining the two into /etc/ssl/imap/ipop3sd.pem. This is the location
where the imap rpm on Mandrake 9.0 expects to find the file. A similar procedure can
be used for imap and putting the file in /etc/ssl/imap/imapsd.pem.
The CN should be the name that the mail client connects to (e.g mail.xyz.org). In MS-
Outlook, on the server tab, enter for the incoming mail server mail.xyz.org and on the
Advanced tab check the “This server requires a secure connection (SSL)”, this will
change the connection port to 995 (imaps). The trusted root CA must be installed in
MS Internet Explorer to validate the certificate from mail.xyz.org.
FIXME
FIXME
In Microsoft Key Manager, select the service you want to create a key for, for
instance IMAP (or WWW). Use the wizard to generate a new key. Ensure that the
distinguished name won't be identical to previous generated keys, for Instance for the
Common Name (CN) use imap.mycompany.com. The wizard will place the request in
the file C:\NewKeyRq.txt. Key Manager shows a Key with a strike to indicate the key
is not signed.
Import this file in the OpenSSL /var/ssl directory, rename it to newreq.pem and sign
the request as usual.
58
CA.pl -sign
The file newcert.pem is not yet suitable for key manager as it contains some text and
the -CERTIFICATE- section. We have to remove the text, the easy way is to do:
Using a text editor is also suitable to delete everything outside the -CERTIFICATE-
section.
Export the file newcertx509.pem to the Computer running key Manager and while
selecting the key icon in the Key Manager application, right click and click on Install
the Key Certificate, select this file, enter the passphrase. The key is now fully
functional.
-----------------
Simply generate and sign a certificate request but with the Common Name (CN)
being your e-mail address.
Now sign your message test.txt (output test.msg) using your certificate newcert.pem
and your key newreq.pem:
You can now transmit test.msg to anybody, you can use this procedure to make signed
advisories, or other signed documents to be published digitally.
You need to import it in Outlook as a pkcs12 file. To generate the pkcs12 file from
your newcert.pem and newreq.pem:
or use this command to bundle the signing certificate with your pkcs12 file
59
cacert.pem \
-out newcert.p12 -name "Franck Martin"
Beware this certificate contains your public and private key and is only secured by the
passphrase. This is a file not to let into everybody's hand.
Now click on the Settings button, MS Outlook should have selected the default setting
so just click on New. And finally click on Ok, except if you want to change the
default settings. You are ready to send signed e-mails. When you send a signed e-mail
the user at the other end will receive your public key, and will therefore be able to
send you encrypted e-mails.
As you have issued this certificate from a self-signed certificate (root CA Certificate),
the trust path won't be valid because the application does not know the root CA
Certificate. The root CA certificate has to be downloaded and installed. Refer to the
chapter "Install the CA root certificate as a Trusted Root Certificate in Internet
Explorer".
You can send your message as encrypted signed messages or clear text message. The
encryption is not really an encryption as the message contains everything needed to
decrypt the message, but it ensures that the recipient won't read the message if he does
not have an s/mime compliant reader.
Note that early version of MS-Outlook XP will search the Internet to verify the validy
of the certificate. It can take several seconds before the e-mail is displayed and several
minutes for MS-Outlook XP to timeout when you don't have a full time or on-demand
Internet connection. The bug is that this process is exclusive, the whole machine
freezes till MS-Outlook XP has finished somehow.
FIXME
FIXME
Evolution 1.0 does not work with S/MIME, but only with PGP. It is planned that
Evolution will handle S/MIME in a future release (from the evolution bug database).
However in some instances Evolution recognises that the document is clear text
signed and displays it correctly, even though it can't check the signature (early
60
versions of Evolution does not understand one of the 3 MIME signature types,
unfortunately the one MS-Outlook uses quite often).
FIXME
FIXME
Patch (computing)
Jump to: navigation, search
"Software update" redirects here. For the software tool by Apple Inc., see Apple Software
Update.
This article may contain original research or unverified claims. Please improve the article
by adding references. See the talk page for details. (September 2008)
Patch management is the process of using a strategy and plan of what patches should
be applied to which systems at a specified time.
Types
Patches can also circulate in the form of source code modifications. In these cases, the
patches consist of textual differences between two source code files. These types of
patches commonly come out of open source projects. In these cases, developers
expect users to compile the new or changed files themselves.
61
Because the word "patch" carries the connotation of a small fix, large fixes may use
different nomenclature. Bulky patches or patches that significantly change a program
may circulate as "service packs" or as "software updates". Microsoft Windows NT
and its successors (including Windows 2000, Windows XP, and later versions) use the
"service pack" terminology.
History
Today, computer programs can often coordinate patches to update a target program.
Automation simplifies the end-users' task -- they need only to execute an update
program, whereupon that program makes sure that updating the target takes place
completely and correctly. Service packs for Microsoft Windows NT and its successors
and for many commercial software products adopt such automated strategies.
Some programs can update themselves via the Internet with very little or no
intervention on the part of users. The maintenance of server software and of operating
systems often takes place in this manner. In situations where system administrators
control a number of computers, this sort of automation helps to maintain consistency.
The application of security patches commonly occurs in this manner.
Application
The size of patches may vary from a few kilobytes to hundreds of megabytes —
mostly more significant changes imply a larger size, though this also depends on
whether the patch includes entire files or only the changed portion(s) of files. In
particular, patches can become quite large when the changes add or replace non-
program data, such as graphics and sounds files. Such situations commonly occur in
the patching of computer games. Compared with the initial installation of software,
patches usually do not take long to apply.
In the case of operating systems and computer server software, patches have the
particularly important role of fixing security holes. To facilitate updates, operating
systems often provide automatic or semi-automatic update facilities.
62
but also because administrators fear that software companies may gain unlimited
control over their computers.[citation needed] Package management systems can offer
various degrees of patch automation.
Cautious users, particularly system administrators, tend to put off applying patches
until they can verify the stability of the fixes. Microsoft (W)SUS support this. In the
cases of large patches or of significant changes, distributors often limit availability of
patches to qualified developers as a beta test.
IPTV
Internet Protocol television (IPTV) is a system through which digital
television service is delivered using the architecture and networking
methods of the Internet Protocol Suite over a packet-switched network
infrastructure, e.g., the Internet and broadband Internet access networks,
instead of being delivered through traditional radio
frequency broadcast, satellite signal, and cable television (CATV)
formats. See Internet television.
IPTV services may be classified into three main groups: live television,
time-shifted programming, and content (or video) on demand. It is
distinguished from general Internet-based or web-based multimedia
services by its on-going standardization process (e.g., ETSI) and
preferential deployment scenarios in subscriber-based
telecommunications networks with high-speed access channels into end-
user premises via set-top boxes or other customer-premises equipment.
63