Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It's intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.
Audio had been digitised and stored into different formats. When you convert into an analog, the audio file (digital format) can be quite large.
Lossy encoding à Occur when you try to do sampling, making approx. 44.1 samples in 1 second. Hence, between the seconds, you cannot differentiate the changes in the pitch and so on because human hear cannot hear so detail. Hence, you are losing information. It is thus lossy encoding.
MP3 format is patented, hence, if we want to play a MP3 song, we actually cannot play it from the CD. We are not allowed to do so. Some of the patents are not applicable elsewhere, hence we can put the software or the code into a website of a country that the patent is not applicable. Hence, we get to use the MP3 nowadays.
OR, we could look at alternate formats à vorbis.com à trying to create the same ability to encode into a particular format of audio (ogg) and video. à This is patent-free and you can implement it everywhere.
Adobe Flash is the reason why Youtube can work. It is proprietary.
Webm is similar to OGG in a certain way but it can put in video similar in format to the flash video. This is meant for delivery over the net. If you do not have flash, you can still view youtube via WebM bcos WebM is similar to flash.
Monday 6 June 2011
Meeting Seven
Meeting 7
https://www.grc.com/haystack.htm --> Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.
The above tells you how long would it take to break your password.
Public Key Infrastructure (PKI)
● What is it?
– It is a scheme that allows for the deployment of an electronic means to sign documents that one can then check that it authentic
– Accepted by governments and businesses
Public Key Infrastructure
● Why has it not taken off in a big way?
– People have not seen a critical need for it.
– “ No itch to scratch” yet : Things are done bcos ppl wants to do it. That is bcos there is ‘an itch that he wants to scratch’ but when the itch is gone, he wouldn’t continue on the project.
– Easy and transparent way to use it has not evolved yet
– No legal requirement to mandatorily to use it: Not necessary to use it.
– Should governments run it? Would you trust the government to run this well? : The government had suggested to have an email account (designated) for everyone but ppl find no need for this to happen.
Public Key Infrastructure
● Web of Trust : if I trust A and A trust B , I can trust B.
key signing party : Each party have a public and private key. Take the public key and email to one person (the organiser). The organiser puts it on the wiki. To be a part of the key signing party, each party must bring their public key and his identifier. Then the organiser sign their public key and send it back to them. If you go elsewhere and you wanna run a key signing party, then you can spread this web of trust to another part of the world to ppl who know the organiser. Afterall, since they know the organiser, they would join this key signing party.
– Pretty Good Privacy by Phil Zimmerman
● http://www.philzimmermann.com/EN/background/index.html
– Built on the mathematical principle of public and
private key made possible by Ron Rivest, Adi
Shamir, and Leonard Adleman
– The mathematical algorithm uses two prime
numbers
– http://world.std.com/~franl/crypto/rsa-guts.html
– http://en.wikipedia.org/wiki/RSA
LAMP
● LAMP
– Linux
– Apache
– MySQL/PostgreSQL : A database where you store info and you can retrieve it
– Perl/Python/PHP/Ruby
-MAMP : Mac instead of Linux
-WAMP: Windows instead of Linus
● LAMP forms the bedrock of applications that go “up the stack” to provide highly reliable and scalable performance
● The concept of 4 Nines, 5 Nines, 6 Nines, 7 Nines
Hardware : A computer with CPU, RAM, Hard disk, Network, Input/Output (I/O),USB, Audio, Microphone. For a server, you may not need some of these components.
USB device are designed based on standards. If not, you are ‘locked-in’ , meaning, you are restricted to using only something of a certain design. For instance, if you don’t like Linux, you can use Windows becos they are standard-based. Hence, they can be interchangeable. You wont be locked in.
5 nines means that that is 315.36s of downtime. If you increase to 6 nines, you have only 31.54s of downtime. This is somewhat like the reliability of the system. Bcos of cloud computing, the reliability can go on and on to near 100%.
Open Source Collaboration Tools
● Collaboration involves the need to track and manage contributions by many authors 24 hours a day.
● You need to have access control to it, rights as to who can view, change, modify, add, remove
● Open Source software development is an example of this an some of the tools that do this include: – Git/Subversion/CVS/Darcs, RSS, Wikis, Blogs
Is open source safe?
http://apache.org/ --> is running more than 60% of the world’s web server. It is the software that runs the pages. Apache is an open source but there had been no problems with it despite the hostility in the internet world.
http://news.netcraft.com/
MORE EYES MAKE BUGS SHALLOW: when more ppl are looking at something, there is more chances to see mistakes and thus easily solved.
A port is a place you connect to. There are some port numbers that are agreed globally. The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports.
Cloud computing
http://xkcd.com/908/
In meeting 5, we have discussed about virtualisation and cloud computing.
A virtual hardware is a software that behaves like a hardware, operating system, database, and so on. It doesn’t occupy space, you can email it to another person cos its just a file, a software. Hence, you can make copies of it, having as much capacity as you want. You can change the way you use the hardware. How? You can shut down a whole bunch of servers or sell them to others bcos you don’t need to use it. (e.g. amzon ELASTIC COMPUTE CLOUD (EC2)).
Paas, Iaas, Saas : Platform as a service , Software as a service , Infrastructure as a service.
Classroom : considered as IAAS. The desk and chairs are the infrastructure and ppl are the software that runs around.
Lab: considered as PAAS. The computers are considered as a platform where it is
fixed and you uses it.
SAAS: we are using a service and we are constantly using it. E.g. Facebook.
A game e.g. Farmville, is using Facebook as a platform that ppl can use it. Hence it becomes PAAS.
Friday 3 June 2011
1) Installing fedora
1st create partition for root drive, then create partition for home drive, then /drive and finally swap drive
Swap space: swap, put it somewhere else, so to have space.
Public key infrastructure: if i want to send a secret msg to someone else, how to ensure, only that somebody is the only one thats able to see? Without the rest being able to see. Thus, all these, is under cryptography: field to encrypt. Encrypt to hide details.
EG
Actual msg: D E A D
but dont send the actual message
everytime see a D, change to F.. E change to G.. so msg sent becomes: FGCF, if ppl reverse process it, can encode the message as DEAD.
A string of words: key
WIFI: key easy to break, so can somehow 'read' the msg, WPA: abit harder, a few days to break
PKI: Public Key Infrastructure
use alrogrithm, create 2 number, use one of the numbers to generate public key that is sent, everyone can see. Then give the other number, use it as a private key, to somebody u want to read your msg, that person can then use it to reverse it to get the actual msg. relationship between the 2 number is a fixed relationship.
EXAMPLE
have 2 very large numbers eg A and B, numbers related to each other. Relationship comes from the algorithm that it was run.
Eg actual MSG: HELP ME, then add it to number A, creates some key eg XYZABC12345, that is now sent. cannot use number A to do reverse.
So to figure out what is the actual msg, do same actual math formula, but instead of number A, use number B, then output will be : HELP ME
___________________________________________________________________________
*prime no. is the basis of PKI* relationship between the 2 keys is due to algorithm that is possible becos of prime no.
*also the length of the key is impt. Measured by no. of bits. Eg private key is only 2 numbers/ 2 bits:10, only 4 possibilities: 01,10,00,11.
The more the bits, longer the key, more possibilities, more likely your key is valid cos it takes longer for ppl to break the key. Can use brute force method, but how long
Brute force method: the way of breaking the key. Where it goes thru all the possible combinations to solve it.
*ENCRYPT: 1st objective: u know who send the msg to you
2nd objective: ensure u are the only person that reads it, guarentee, only receiver can see it Here, authenticating each other!
Eg Person 1 wants to send msg to Person 2, only person 2 can read it. Take actual msg, take private key, create a public key. Then take person 2 public key, apply onto your msg, get the output, send the output to the person 2 u want to read your msg. Person 2 takes the output plus the private key, reverse process, gets the actual msg.
If dont take care of private key, then everyone have access to your actual msg. Only give your private key to the person u want to read the msg. Private key is something like your password.
This is one way, u know for sure, the msg come from the person who gives the private key to you. Its like a digital signature.
- HTTPS: the S is the secure part.
- basis of PKI: can have electronic commerce
SUMMARY OF PKI
Basically, it is a scheme to allow for the deployment of an electronic means to sign documents for authenticity checks.
Rivest Shamir Adleman (RDA) came up with a method in 1970s, widely acknowledged as the first alogarithm for PKI and is used in e-commerce.
The magic of this method centers on the use of two large prime numbers which act as your keys. One will be the public key, and one will be held secret and safe as the private key.
The advantage of this is the not only do you gain ability to encrypt, preventing authorized access, you will not be giving away your unique private key, hence providing a method of determining "sender identity".
2 scenarios: first, one that u use ur private key to encrypt something, and the receiver uses your public key to open it. another scenario could be that you want to designate a specific recipient, hence you apply both your own private key and the public key of the recipient, then you send it, the mail can only be opened with knowledge of both your public key and his own private key.
Hence this ensures 3 things, that only the recipient can see it, recipient is sure of sender identity and there was no content loss in the process of sending.
Crytography is about the size in the sense that the number of bits determine the difficulty of "cracking" the code or, the strength of the keys (in binary: 0 and 1).
The "Brute Force Method" is the way of cracking where the cracker goes through all the possible combinations to solve it.
In the addition of an additional bit will double the time take to solve it. (number of combinations = 2^n, where n=no. of bits). In technology, 1024,2048 and 4096bits are commonly applied. ALOT OF TIME to go through all the possible combinations,
- 2 main software in the opensource side, namely the PGP(pretty good privacy) and the GPG(gnu privacy guard).
One example of PKI is our EZ LINK card, in which a "private" key is embedded and signed by the card provider (NETS, EZlink or others). When the card is tapped, in the milliseconds of contact, the card is activated and the required information is retrieved from the card to verify the fund available for use. Net trust company: creates the private key of ez link.
Certificate authority (CA): In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.
PGP: PGP(pretty good privacy) and the GPG(gnu privacy guard). In the 1990s, Us legislation classified crytography as a munition and hence any distribution to outside of the US was illegal. Philip Zimmermann of PGP fame decided to circumvent this by using a loophole in the right to free speech act to publish the code in a book using fonts that be be easily read and transcribed to computers. This allowed the PGP code to be available to everyone in the world.
Wednesday 1 June 2011
Windows vs Linux, and Virtualization and Cloud Computing
Meeting Five
1) Free ware
2) Trial ware
3) Share ware
4) Cripple ware
5) Nag ware
6) Demo ware
None of the above have default access to source code.
Open source and free software, you have access to the source code.
Free ware
Definition:
Freeware (from "free" and "software") is computer software that is available for use at no cost or for an optional fee,[1] but usually with one or more restricted usage rights.[2][3] Freeware is in contrast to commercial software, which is typically sold for profit. The term does not imply that the software is free and open source software (FOSS). Freeware is a loosely defined category, which includes both closed and open source proprietary software.
Example: Adobe Acrobat
Cost: None
No access to source code
Trial Ware
Definition: Trialware is a combination of freeware and shareware. It is not exactly cripple ware because it is fully functional within the trial days.
Cost: Initially cost nothing within e.g. 30 days, but after that you got to pay before you get to use it again. You can’t download it again for free because of system registry. You get rid of the system registry to use it free again.
Example: Adobe Flash
No access to source code
Cripple ware
Cripple ware is cripple till you pay. Some features are not available to you unless you pay. That is cripple ware.
Cost: Generally zero
No access to source code
Question: Why do ppl create open source software if you don’t collect payment in the first place?
Out of goodwill.
The internet is an enabling technique that makes open source possible.
Red hat: As a developer, they uses internet to work on open source projects and writes code.
TED
Please watch this: http://www.ted.com/talks/johanna_blakley_lessons_from_fashion_s_free_culture.html
TEDX is a special version of TED. Same rules, you have 20 min to speak and you must show some TED videos first before you speak.
ISO 9660 : If you want to put data to your CD, you put the data in ISO 9660 format. Anything that has a name ‘….ISO’ means it is in the form of a CD.
Cloud Computing Explained
Cloud computing is a reality, and it's a force that IT professionals need to quickly come to terms with. The economic and social motivation for the cloud is high, the business need for speed and agility is greater than ever before, and the technology has reached a level in which prudent investments in cloud services are fast and easy. The number of cloud success stories is growing every week.
The cloud is here, but what exactly is it? Where is it headed? What are the risks? And how can IT organizations prepare?Cloud computing is the use of Internet-based services to support a business process. Cloud services typically have the following characteristics:
• They can be rapidly deployed, so they are quick to value.
• There is little or no start-up cost and no capital investment.
• Costs for services are usage based with no fixed commitment.
• Services can be quickly and easily scaled up or down with no penalty.
• Services are multi-tenant (many customers leverage the platform).
• The ability to customize a service is limited.
The cloud lets users contract for services at three levels:
• Infrastructure as a Service : Grids of virtualized servers, storage & networks. Examples include Amazon's Elastic Compute Cloud and Simple Storage Service.
• Platform-as-a-service: The abstraction of applications from traditional limits of hardware allowing developers to focus on application development and not worry about operating systems, infrastructure scaling, load balancing and so on. Examples include Force.com and Microsoft's Azure investments.
• Software-as-a-service: Applications with a Web-based interface accessed via Web Services and Web 2.0. Examples include Google Apps, SalesForce.com and social network applications such as FaceBook
A slew of investors are exploring cloud options while Amazon and Google already have important cloud offerings and companies such as Microsoft and IBM are investing billions of dollars.
Looking further into the future, standards will emerge that reduce some of the uncertainties of contracting for cloud services.What Are the Risks?
As with any service, with the cloud you should always make sure that you know what you are paying for and what measurements exist to show you are actually receiving the service. You should pay careful attention to:
• Service levels - Cloud providers may be hesitant to commit to consistency of performance for an application or transaction. Understand the service levels you can expect for transaction response times, data protection and speed of data recovery.
• Privacy - Someone else hosting and serving your data could be approached by the U.S. government to access and search that data without your knowledge or approval. Current indications are that they would be obligated to comply.
• Compliance - You are probably already aware of the regulations that apply to your business. In theory, cloud service providers can meet the same level of compliance for data stored in the cloud but, because most of these services are young, you'll need to take extra care.
• Data ownership - Do you still own your data once it goes into the cloud? You may think the answer to this question is obvious, but the recent flap over Facebook's attempt to change its terms of use suggests that the question is worth a second look.
• Data Mobility - Can you share data between cloud services? If you terminate a cloud relationship can you get your data back? What format will it be in? How can you be sure all other copies are destroyed?
For a service that's going to be critical to your company, the best advice is to ask a lot of questions and get all commitments in writing.
What Are Smart Companies Doing Now?
There are a lot of opportunities for IT organizations to leverage cloud services. Many organizations are enhancing their existing infrastructure to take advantage of "cloud bursting"; when you need extra capacity for an activity, you can quickly leverage resources from the cloud rather than investing in those resources in-house.
Development/test and similar activities are also great cloud opportunities, allowing you to reduce capital spending and related data center costs while increasing speed and agility.
Companies that are hesitate to commit data to the cloud are developing models to store production data in their own facilities to ensure they meet compliance requirements while leveraging massive compute resources in the clouds for processing as needed.
Are You Ready?
If your organization is just beginning to explore the cloud there are a number of mature cloud services that can be considered "low-hanging fruit," such as e-mail services. But in addition to looking outside, you may want to evolve your internal infrastructure toward a more cloud-like model.
That will likely mean determining what role IT will play in enabling the business models required by today's economy. How will you improve speed and agility? How can you support your business operations with fewer fixed expenses? What will you do to engage a new generation of professionals?
You should define opportunities and work with your customers to understand what services can best meet your needs or fill gaps in your existing IT portfolio.
The first step is to assess your ability to assist in contracting for cloud services. Your job is to make the process simple, repeatable and beneficial to your business.
Second, you need to identify which services can reside in the cloud and which should be internal. Determine what systems and services are core to your business or store your crucial intellectual property. These should be categorized as high risk and not considered cloud opportunities in the near term.
Finally, you need to develop a sourcing strategy to achieve the low cost, scalability and flexibility your business is seeking. This should include all the necessary protections such as data ownership and mobility, compliance and other elements familiar from more traditional IT contracts.
Robbins is CTO for IT at NetApp. He is responsible for identifying and selecting new technologies and establishing the adoption road map and timing for NetApp IT delivery.
For more information about enterprise networking, go to NetworkWorld. Story copyright 2011 Network World Inc. All rights reserved.
What Cloud Computing provides:
All you have to do is to buy a service from them. It’s like a subscription.
CRM: Customer relationship management. You own the date but they provide the service for you. When there is a new version up, you need to get updates but they directly help you do so.
Amazon.com are the early providers for cloud computing. There got no real shop. They are online shop. They have expertise to know how to scale up and down as and when you need. AWS is amazon web services.
Because cloud computing is online, there is query as to where the customer’s details are kept and which country’s jurisdiction they belong to. These data are going to go through different country as they go through the internet. As the data past through the various country jurisdiction, will your data be in safe condition?
Cloud computing makes use of virtualisation.
Virtualization and the benefits
Your computer is a hardware and inside your computer you have your CPU, memory (RAM), keyboard, video, network, mouse.
Virtualize refers to trying to create a software-based computer, no hardware is involved. Hence, you create the above things completely in software. But how do you used these things (mouse, network).
You create a computer that has Fedora as the operating sys. If your operating sys has one key capability which is called the hypervisor (a type of platform-visualisation), then you can have the ability to create a virtual machine (mentioned above). You can even have multiple virtual machines just like a hardware computer. You have everything (mouse, video, network) and you can make a copy of it. You only need the original hardware that’s all. This is what makes cloud computing working.
You have a piece of hardware comp and you connect this on a network to another hardware computer that runs this virtual machine. You can transfer your virtual machine via live migration to the piece of hardware comp. In this way, you are transferring e.g. the capacity that the virtual machine can carry, to the piece of hardware comp. Hence, the piece of hardware comp can be expanded in terms of its capacity and thus, ppl can make use of this piece of hardware comp that provides the capability that the virtual computer provide. You must have a hypervisor to do so. This method is used by cloud computing (that amazon uses), so that companies can scale up their capacity during peak periods like Christmas where more ppl shop online. They can scale down after the holidays.
Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It's intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.
Audio had been digitised and stored into different formats. When you convert into an analog, the audio file (digital format) can be quite large.
Lossy encoding à Occur when you try to do sampling, making approx. 44.1 samples in 1 second. Hence, between the seconds, you cannot differentiate the changes in the pitch and so on because human hear cannot hear so detail. Hence, you are losing information. It is thus lossy encoding.
MP3 format is patented, hence, if we want to play a MP3 song, we actually cannot play it from the CD. We are not allowed to do so. Some of the patents are not applicable elsewhere, hence we can put the software or the code into a website of a country that the patent is not applicable. Hence, we get to use the MP3 nowadays.
OR, we could look at alternate formats à vorbis.com à trying to create the same ability to encode into a particular format of audio (ogg) and video. à This is patent-free and you can implement it everywhere.
Adobe Flash is the reason why Youtube can work. It is proprietary.
Webm is similar to OGG in a certain way but it can put in video similar in format to the flash video. This is meant for delivery over the net. If you do not have flash, you can still view youtube via WebM bcos WebM is similar to flash.
Monday 6 June 2011
Meeting Seven
Meeting 7
https://www.grc.com/haystack.htm --> Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.
The above tells you how long would it take to break your password.
Public Key Infrastructure (PKI)
● What is it?
– It is a scheme that allows for the deployment of an electronic means to sign documents that one can then check that it authentic
– Accepted by governments and businesses
Public Key Infrastructure
● Why has it not taken off in a big way?
– People have not seen a critical need for it.
– “ No itch to scratch” yet : Things are done bcos ppl wants to do it. That is bcos there is ‘an itch that he wants to scratch’ but when the itch is gone, he wouldn’t continue on the project.
– Easy and transparent way to use it has not evolved yet
– No legal requirement to mandatorily to use it: Not necessary to use it.
– Should governments run it? Would you trust the government to run this well? : The government had suggested to have an email account (designated) for everyone but ppl find no need for this to happen.
Public Key Infrastructure
● Web of Trust : if I trust A and A trust B , I can trust B.
key signing party : Each party have a public and private key. Take the public key and email to one person (the organiser). The organiser puts it on the wiki. To be a part of the key signing party, each party must bring their public key and his identifier. Then the organiser sign their public key and send it back to them. If you go elsewhere and you wanna run a key signing party, then you can spread this web of trust to another part of the world to ppl who know the organiser. Afterall, since they know the organiser, they would join this key signing party.
– Pretty Good Privacy by Phil Zimmerman
● http://www.philzimmermann.com/EN/background/index.html
– Built on the mathematical principle of public and
private key made possible by Ron Rivest, Adi
Shamir, and Leonard Adleman
– The mathematical algorithm uses two prime
numbers
– http://world.std.com/~franl/crypto/rsa-guts.html
– http://en.wikipedia.org/wiki/RSA
LAMP
● LAMP
– Linux
– Apache
– MySQL/PostgreSQL : A database where you store info and you can retrieve it
– Perl/Python/PHP/Ruby
-MAMP : Mac instead of Linux
-WAMP: Windows instead of Linus
● LAMP forms the bedrock of applications that go “up the stack” to provide highly reliable and scalable performance
● The concept of 4 Nines, 5 Nines, 6 Nines, 7 Nines
Hardware : A computer with CPU, RAM, Hard disk, Network, Input/Output (I/O),USB, Audio, Microphone. For a server, you may not need some of these components.
USB device are designed based on standards. If not, you are ‘locked-in’ , meaning, you are restricted to using only something of a certain design. For instance, if you don’t like Linux, you can use Windows becos they are standard-based. Hence, they can be interchangeable. You wont be locked in.
5 nines means that that is 315.36s of downtime. If you increase to 6 nines, you have only 31.54s of downtime. This is somewhat like the reliability of the system. Bcos of cloud computing, the reliability can go on and on to near 100%.
Open Source Collaboration Tools
● Collaboration involves the need to track and manage contributions by many authors 24 hours a day.
● You need to have access control to it, rights as to who can view, change, modify, add, remove
● Open Source software development is an example of this an some of the tools that do this include: – Git/Subversion/CVS/Darcs, RSS, Wikis, Blogs
Is open source safe?
http://apache.org/ --> is running more than 60% of the world’s web server. It is the software that runs the pages. Apache is an open source but there had been no problems with it despite the hostility in the internet world.
http://news.netcraft.com/
MORE EYES MAKE BUGS SHALLOW: when more ppl are looking at something, there is more chances to see mistakes and thus easily solved.
A port is a place you connect to. There are some port numbers that are agreed globally. The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports.
Cloud computing
http://xkcd.com/908/
In meeting 5, we have discussed about virtualisation and cloud computing.
A virtual hardware is a software that behaves like a hardware, operating system, database, and so on. It doesn’t occupy space, you can email it to another person cos its just a file, a software. Hence, you can make copies of it, having as much capacity as you want. You can change the way you use the hardware. How? You can shut down a whole bunch of servers or sell them to others bcos you don’t need to use it. (e.g. amzon ELASTIC COMPUTE CLOUD (EC2)).
Paas, Iaas, Saas : Platform as a service , Software as a service , Infrastructure as a service.
Classroom : considered as IAAS. The desk and chairs are the infrastructure and ppl are the software that runs around.
Lab: considered as PAAS. The computers are considered as a platform where it is
fixed and you uses it.
SAAS: we are using a service and we are constantly using it. E.g. Facebook.
A game e.g. Farmville, is using Facebook as a platform that ppl can use it. Hence it becomes PAAS.
Friday 3 June 2011
1) Installing fedora
1st create partition for root drive, then create partition for home drive, then /drive and finally swap drive
Swap space: swap, put it somewhere else, so to have space.
Public key infrastructure: if i want to send a secret msg to someone else, how to ensure, only that somebody is the only one thats able to see? Without the rest being able to see. Thus, all these, is under cryptography: field to encrypt. Encrypt to hide details.
EG
Actual msg: D E A D
but dont send the actual message
everytime see a D, change to F.. E change to G.. so msg sent becomes: FGCF, if ppl reverse process it, can encode the message as DEAD.
A string of words: key
WIFI: key easy to break, so can somehow 'read' the msg, WPA: abit harder, a few days to break
PKI: Public Key Infrastructure
use alrogrithm, create 2 number, use one of the numbers to generate public key that is sent, everyone can see. Then give the other number, use it as a private key, to somebody u want to read your msg, that person can then use it to reverse it to get the actual msg. relationship between the 2 number is a fixed relationship.
EXAMPLE
have 2 very large numbers eg A and B, numbers related to each other. Relationship comes from the algorithm that it was run.
Eg actual MSG: HELP ME, then add it to number A, creates some key eg XYZABC12345, that is now sent. cannot use number A to do reverse.
So to figure out what is the actual msg, do same actual math formula, but instead of number A, use number B, then output will be : HELP ME
___________________________________________________________________________
*prime no. is the basis of PKI* relationship between the 2 keys is due to algorithm that is possible becos of prime no.
*also the length of the key is impt. Measured by no. of bits. Eg private key is only 2 numbers/ 2 bits:10, only 4 possibilities: 01,10,00,11.
The more the bits, longer the key, more possibilities, more likely your key is valid cos it takes longer for ppl to break the key. Can use brute force method, but how long
Brute force method: the way of breaking the key. Where it goes thru all the possible combinations to solve it.
*ENCRYPT: 1st objective: u know who send the msg to you
2nd objective: ensure u are the only person that reads it, guarentee, only receiver can see it Here, authenticating each other!
Eg Person 1 wants to send msg to Person 2, only person 2 can read it. Take actual msg, take private key, create a public key. Then take person 2 public key, apply onto your msg, get the output, send the output to the person 2 u want to read your msg. Person 2 takes the output plus the private key, reverse process, gets the actual msg.
If dont take care of private key, then everyone have access to your actual msg. Only give your private key to the person u want to read the msg. Private key is something like your password.
This is one way, u know for sure, the msg come from the person who gives the private key to you. Its like a digital signature.
- HTTPS: the S is the secure part.
- basis of PKI: can have electronic commerce
SUMMARY OF PKI
Basically, it is a scheme to allow for the deployment of an electronic means to sign documents for authenticity checks.
Rivest Shamir Adleman (RDA) came up with a method in 1970s, widely acknowledged as the first alogarithm for PKI and is used in e-commerce.
The magic of this method centers on the use of two large prime numbers which act as your keys. One will be the public key, and one will be held secret and safe as the private key.
The advantage of this is the not only do you gain ability to encrypt, preventing authorized access, you will not be giving away your unique private key, hence providing a method of determining "sender identity".
2 scenarios: first, one that u use ur private key to encrypt something, and the receiver uses your public key to open it. another scenario could be that you want to designate a specific recipient, hence you apply both your own private key and the public key of the recipient, then you send it, the mail can only be opened with knowledge of both your public key and his own private key.
Hence this ensures 3 things, that only the recipient can see it, recipient is sure of sender identity and there was no content loss in the process of sending.
Crytography is about the size in the sense that the number of bits determine the difficulty of "cracking" the code or, the strength of the keys (in binary: 0 and 1).
The "Brute Force Method" is the way of cracking where the cracker goes through all the possible combinations to solve it.
In the addition of an additional bit will double the time take to solve it. (number of combinations = 2^n, where n=no. of bits). In technology, 1024,2048 and 4096bits are commonly applied. ALOT OF TIME to go through all the possible combinations,
- 2 main software in the opensource side, namely the PGP(pretty good privacy) and the GPG(gnu privacy guard).
One example of PKI is our EZ LINK card, in which a "private" key is embedded and signed by the card provider (NETS, EZlink or others). When the card is tapped, in the milliseconds of contact, the card is activated and the required information is retrieved from the card to verify the fund available for use. Net trust company: creates the private key of ez link.
Certificate authority (CA): In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, a CA is a trusted third party that is trusted by both the subject (owner) of the certificate and the party relying upon the certificate. CAs are characteristic of many public key infrastructure (PKI) schemes.
PGP: PGP(pretty good privacy) and the GPG(gnu privacy guard). In the 1990s, Us legislation classified crytography as a munition and hence any distribution to outside of the US was illegal. Philip Zimmermann of PGP fame decided to circumvent this by using a loophole in the right to free speech act to publish the code in a book using fonts that be be easily read and transcribed to computers. This allowed the PGP code to be available to everyone in the world.
Wednesday 1 June 2011
Windows vs Linux, and Virtualization and Cloud Computing
Meeting Five
1) Free ware
2) Trial ware
3) Share ware
4) Cripple ware
5) Nag ware
6) Demo ware
None of the above have default access to source code.
Open source and free software, you have access to the source code.
Free ware
Definition:
Freeware (from "free" and "software") is computer software that is available for use at no cost or for an optional fee,[1] but usually with one or more restricted usage rights.[2][3] Freeware is in contrast to commercial software, which is typically sold for profit. The term does not imply that the software is free and open source software (FOSS). Freeware is a loosely defined category, which includes both closed and open source proprietary software.
Example: Adobe Acrobat
Cost: None
No access to source code
Trial Ware
Definition: Trialware is a combination of freeware and shareware. It is not exactly cripple ware because it is fully functional within the trial days.
Cost: Initially cost nothing within e.g. 30 days, but after that you got to pay before you get to use it again. You can’t download it again for free because of system registry. You get rid of the system registry to use it free again.
Example: Adobe Flash
No access to source code
Cripple ware
Cripple ware is cripple till you pay. Some features are not available to you unless you pay. That is cripple ware.
Cost: Generally zero
No access to source code
Question: Why do ppl create open source software if you don’t collect payment in the first place?
Out of goodwill.
The internet is an enabling technique that makes open source possible.
Red hat: As a developer, they uses internet to work on open source projects and writes code.
TED
Please watch this: http://www.ted.com/talks/johanna_blakley_lessons_from_fashion_s_free_culture.html
TEDX is a special version of TED. Same rules, you have 20 min to speak and you must show some TED videos first before you speak.
ISO 9660 : If you want to put data to your CD, you put the data in ISO 9660 format. Anything that has a name ‘….ISO’ means it is in the form of a CD.
Cloud Computing Explained
Cloud computing is a reality, and it's a force that IT professionals need to quickly come to terms with. The economic and social motivation for the cloud is high, the business need for speed and agility is greater than ever before, and the technology has reached a level in which prudent investments in cloud services are fast and easy. The number of cloud success stories is growing every week.
The cloud is here, but what exactly is it? Where is it headed? What are the risks? And how can IT organizations prepare?Cloud computing is the use of Internet-based services to support a business process. Cloud services typically have the following characteristics:
• They can be rapidly deployed, so they are quick to value.
• There is little or no start-up cost and no capital investment.
• Costs for services are usage based with no fixed commitment.
• Services can be quickly and easily scaled up or down with no penalty.
• Services are multi-tenant (many customers leverage the platform).
• The ability to customize a service is limited.
The cloud lets users contract for services at three levels:
• Infrastructure as a Service : Grids of virtualized servers, storage & networks. Examples include Amazon's Elastic Compute Cloud and Simple Storage Service.
• Platform-as-a-service: The abstraction of applications from traditional limits of hardware allowing developers to focus on application development and not worry about operating systems, infrastructure scaling, load balancing and so on. Examples include Force.com and Microsoft's Azure investments.
• Software-as-a-service: Applications with a Web-based interface accessed via Web Services and Web 2.0. Examples include Google Apps, SalesForce.com and social network applications such as FaceBook
A slew of investors are exploring cloud options while Amazon and Google already have important cloud offerings and companies such as Microsoft and IBM are investing billions of dollars.
Looking further into the future, standards will emerge that reduce some of the uncertainties of contracting for cloud services.What Are the Risks?
As with any service, with the cloud you should always make sure that you know what you are paying for and what measurements exist to show you are actually receiving the service. You should pay careful attention to:
• Service levels - Cloud providers may be hesitant to commit to consistency of performance for an application or transaction. Understand the service levels you can expect for transaction response times, data protection and speed of data recovery.
• Privacy - Someone else hosting and serving your data could be approached by the U.S. government to access and search that data without your knowledge or approval. Current indications are that they would be obligated to comply.
• Compliance - You are probably already aware of the regulations that apply to your business. In theory, cloud service providers can meet the same level of compliance for data stored in the cloud but, because most of these services are young, you'll need to take extra care.
• Data ownership - Do you still own your data once it goes into the cloud? You may think the answer to this question is obvious, but the recent flap over Facebook's attempt to change its terms of use suggests that the question is worth a second look.
• Data Mobility - Can you share data between cloud services? If you terminate a cloud relationship can you get your data back? What format will it be in? How can you be sure all other copies are destroyed?
For a service that's going to be critical to your company, the best advice is to ask a lot of questions and get all commitments in writing.
What Are Smart Companies Doing Now?
There are a lot of opportunities for IT organizations to leverage cloud services. Many organizations are enhancing their existing infrastructure to take advantage of "cloud bursting"; when you need extra capacity for an activity, you can quickly leverage resources from the cloud rather than investing in those resources in-house.
Development/test and similar activities are also great cloud opportunities, allowing you to reduce capital spending and related data center costs while increasing speed and agility.
Companies that are hesitate to commit data to the cloud are developing models to store production data in their own facilities to ensure they meet compliance requirements while leveraging massive compute resources in the clouds for processing as needed.
Are You Ready?
If your organization is just beginning to explore the cloud there are a number of mature cloud services that can be considered "low-hanging fruit," such as e-mail services. But in addition to looking outside, you may want to evolve your internal infrastructure toward a more cloud-like model.
That will likely mean determining what role IT will play in enabling the business models required by today's economy. How will you improve speed and agility? How can you support your business operations with fewer fixed expenses? What will you do to engage a new generation of professionals?
You should define opportunities and work with your customers to understand what services can best meet your needs or fill gaps in your existing IT portfolio.
The first step is to assess your ability to assist in contracting for cloud services. Your job is to make the process simple, repeatable and beneficial to your business.
Second, you need to identify which services can reside in the cloud and which should be internal. Determine what systems and services are core to your business or store your crucial intellectual property. These should be categorized as high risk and not considered cloud opportunities in the near term.
Finally, you need to develop a sourcing strategy to achieve the low cost, scalability and flexibility your business is seeking. This should include all the necessary protections such as data ownership and mobility, compliance and other elements familiar from more traditional IT contracts.
Robbins is CTO for IT at NetApp. He is responsible for identifying and selecting new technologies and establishing the adoption road map and timing for NetApp IT delivery.
For more information about enterprise networking, go to NetworkWorld. Story copyright 2011 Network World Inc. All rights reserved.
What Cloud Computing provides:
All you have to do is to buy a service from them. It’s like a subscription.
CRM: Customer relationship management. You own the date but they provide the service for you. When there is a new version up, you need to get updates but they directly help you do so.
Amazon.com are the early providers for cloud computing. There got no real shop. They are online shop. They have expertise to know how to scale up and down as and when you need. AWS is amazon web services.
Because cloud computing is online, there is query as to where the customer’s details are kept and which country’s jurisdiction they belong to. These data are going to go through different country as they go through the internet. As the data past through the various country jurisdiction, will your data be in safe condition?
Cloud computing makes use of virtualisation.
Virtualization and the benefits
Your computer is a hardware and inside your computer you have your CPU, memory (RAM), keyboard, video, network, mouse.
Virtualize refers to trying to create a software-based computer, no hardware is involved. Hence, you create the above things completely in software. But how do you used these things (mouse, network).
You create a computer that has Fedora as the operating sys. If your operating sys has one key capability which is called the hypervisor (a type of platform-visualisation), then you can have the ability to create a virtual machine (mentioned above). You can even have multiple virtual machines just like a hardware computer. You have everything (mouse, video, network) and you can make a copy of it. You only need the original hardware that’s all. This is what makes cloud computing working.
You have a piece of hardware comp and you connect this on a network to another hardware computer that runs this virtual machine. You can transfer your virtual machine via live migration to the piece of hardware comp. In this way, you are transferring e.g. the capacity that the virtual machine can carry, to the piece of hardware comp. Hence, the piece of hardware comp can be expanded in terms of its capacity and thus, ppl can make use of this piece of hardware comp that provides the capability that the virtual computer provide. You must have a hypervisor to do so. This method is used by cloud computing (that amazon uses), so that companies can scale up their capacity during peak periods like Christmas where more ppl shop online. They can scale down after the holidays.
