
Tuesday, 20 May 2014

RMI-IIOP


Suppose I want to create a client-server communication model like the one in the following figure.


We use the word "tier" in software development. What does "tier" mean? A tier (pronunciation: Tee ya) is a layer.

Here, you may raise the question: "Why do you want to create an application client?" Let's say I am a backend programmer who usually writes programs to solve complicated business workflows.

The problem is how to test the programs we write effectively before users use them. We don't want to wait for the frontend programmers, who normally design the web pages of the web tier. It is not productive.

If I can access and test the programs without the web tier, I don't need to wait for the frontend programmers to finish their work. We need to create communication between client and server without any web page. Which protocol is needed to establish that kind of communication? It is RMI-IIOP.

RMI-IIOP (Remote Method Invocation over Internet Inter-ORB Protocol) brings the distributed computing capabilities of CORBA (Common Object Request Broker Architecture) to the Java platform.

In the Java platform, we call the components of the business tier EJBs (Enterprise Beans). They are powerful in EJB 3.0 and later. RMI-IIOP is a bridge that connects the application client and the EJBs. RMI-IIOP was developed by Sun Microsystems and IBM. What are its advantages?

Previously, Java developers created RMI (Remote Method Invocation). RMI has some limitations. RMI's native protocol, JRMP (Java Remote Method Protocol), can't connect with other protocols.


This is the main reason RMI-IIOP was born. RMI-IIOP supports both JRMP and IIOP.


To switch from JRMP to IIOP, or vice versa, you only need to change some parameters in the Java code. This is the transparency of RMI-IIOP. It also helps to maintain the Java motto 'Write once, Run anywhere anytime forever'.





Wednesday, 14 May 2014

Common port numbers



Students who are studying computer networks should know and be familiar with the port numbers used in networking systems. I would like to introduce some port numbers that are useful for computer students.
The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. This includes the registration of commonly used port numbers for well-known Internet services. The concept of port numbers was established by the early developers of the ARPANET (Advanced Research Projects Agency Network) in informal cooperation of software authors and system administrators.
The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports. The well-known ports are those from 0 through 1023. Examples include:
  • 20 & 21: File Transfer Protocol (FTP)
  • 22: Secure Shell (SSH)
  • 23: Telnet remote login service
  • 25: Simple Mail Transfer Protocol (SMTP)
  • 53: Domain Name System (DNS) service
  • 80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web
  • 110: Post Office Protocol (POP3)
  • 119: Network News Transfer Protocol (NNTP)
  • 143: Internet Message Access Protocol (IMAP)
  • 161: Simple Network Management Protocol (SNMP)
  • 443: HTTP Secure (HTTPS)
The registered ports are those from 1024 through 49151. IANA maintains the official list. The dynamic or private ports are those from 49152 through 65535. One common use is for ephemeral ports.
The term port number was not yet used at this time. It was preceded by the use of the term socket number in the early development stages of the network. A socket number for a remote host was a 40-bit quantity. The first 32 bits were similar to today's IPv4 address, but at the time the most-significant 8 bits were the host number. The least-significant portion of the socket number (bits 33 through 40) was an entity called Another Eightbit Number, abbreviated AEN, today's port number.
On March 26, 1972, Vint Cerf and Jon Postel called for documenting the then current usages and establishing a socket number catalog in RFC 322. Network administrators were asked to submit a note or place a phone call, "describing the function and socket numbers of network service programs at each HOST".
The 256 values of the AEN were divided into the following ranges:
  • 0 through 63: network-wide standard functions
  • 64 through 127: host-specific functions
  • 128 through 239: reserved for future use
  • 240 through 255: any experimental function
The Telnet service received the first official assignment of the value 1. In detail, the first set of assignments was:
  • 1: Telnet
  • 3: File transfer
  • 5: Remote job entry
  • 7: Echo
  • 9: Discard
In the early ARPANET, the AEN was also called a socket name, and was used with the Initial Connection Protocol (ICP), a component of the Network Control Program (NCP). NCP was the forerunner of the modern Internet protocols. Today the terminology service name is still closely connected with port numbers, the former being text strings used in some network functions to represent a numerical port number.
I will try to post the "well-known ports" later.
Reference: Wikipedia

HLPSL




The High Level Protocol Specification Language (HLPSL) is an expressive language for modelling communication and security protocols. HLPSL draws its semantic roots from Lamport’s Temporal Logic of Actions. TLA is an elegant and powerful language which lends itself well to specifying concurrent systems. Syntactically, however, specifying protocols in a raw logic can be a daunting task. Moreover, the domain of protocol analysis calls for several syntactic constructs (such as message structure) and semantic concepts (like the notion of an intruder) that are problem-independent and arise in every model. Ideally, it would be convenient to model protocols in a language which offers such commonalities built-in. The development of HLPSL was thus undertaken with the following design objectives:
  • It must provide a convenient, human readable, and easy to use language yet be powerful enough to support the specification of modern Internet protocols. To this end, HLPSL has been defined in such a way as to closely resemble a language for defining guarded transitions within a state-transition system and is equipped with constructs which allow the modular specification of protocols.
  • It must enjoy a formal semantics. To this end, HLPSL has been based on Lamport’s TLA and its semantics is given by a translation to a subset of TLA.
  • It must be amenable to automated formal analysis. This is achieved by a translation of HLPSL into the Intermediate Format (IF).
Architecture:
HLPSL is the language through which end users and protocol modellers make use of the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool-set. As such, it is designed to be accessible: it should be easy for human users to both read and write HLPSL specifications. To this end, HLPSL provides a high level of abstraction and has many features that are common to most protocol specifications – such as intruder models and encryption primitives – built in. In contrast, the Intermediate Format (IF) – the language into which HLPSL specifications are translated – is a lower-level language at an accordingly lower abstraction level.
References: AVISPA IST-2001-39252

Friday, 9 May 2014

Heartbleed Bug


The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows the protected information to be stolen. It allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. [heartbleed]

This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and the users and to impersonate services and users. [heartbleed]

It is a software flaw in OpenSSL, which is an open source implementation of the Secure Sockets Layer / Transport Layer Security (SSL / TLS) encryption protocol. It was found in early April 2014, and it affects major websites, such as Dropbox, Yahoo, Google and other sites that could store private data like banking details, credit accounts, email addresses and so on. [dummies]

Neel Mehta of Google’s security team reported Heartbleed on April 1, 2014. [wikipedia]

The Heartbleed bug is not a virus. It allows attackers to send a heartbeat request to a vulnerable server. It is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. [wikipedia]

A buffer over-read occurs when a computer program, while reading data from a buffer, overruns the buffer’s boundary and reads adjacent memory. This is a special case of violation of memory safety. [wikipedia]

A buffer over-read may happen in the programming languages C and C++, because they do not provide built-in protection against accessing data in any part of virtual memory. It can be prevented by bounds checking. [wikipedia]
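The missing bounds check described above, shown as a simplified model of a heartbeat echo beside its hardened form. This is an added example, not OpenSSL's code or code from the cited sources; the function names, the 64-byte arena and the sample secret are constructed for illustration, and the record layout (1-byte type, 2-byte length, payload, 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR 3      /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define PAD 16     /* minimum padding after the payload (RFC 6520) */
#define REC_LEN 23 /* bytes actually received: HDR + 4 payload + PAD */
#define SECRET "CONSTRUCTED-SECRET" /* sample data, not a real key */
/* Record at [0], unrelated data right after; one array keeps the demo read defined. */
static uint8_t arena[64];

static void build_arena(uint16_t claimed) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1; /* heartbeat_request */
    arena[1] = (uint8_t)(claimed >> 8); arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HDR, "ping", 4);
    memcpy(arena + REC_LEN, SECRET, strlen(SECRET));
}

/* Flawed: trusts the length field carried inside the message. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len; /* the received size is never consulted */
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* Hardened: drop the record unless header + payload + padding fit in it. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HDR + PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + PAD > rec_len) return 0; /* the bounds check */
    memcpy(out, rec + HDR, claimed);
    return claimed;
}

/* 1 if the reply to a record claiming `claimed` bytes contains SECRET, 0 if not, -1 if out of demo range. */
int reply_leaks(size_t (*echo)(const uint8_t *, size_t, uint8_t *), uint16_t claimed) {
    uint8_t out[64] = {0};
    if (claimed > sizeof arena - HDR) return -1; /* keep the demo inside arena */
    build_arena(claimed);
    size_t n = echo(arena, REC_LEN, out);
    size_t off = REC_LEN - HDR; /* where the neighbouring data lands in the reply */
    return n >= off + strlen(SECRET) && memcmp(out + off, SECRET, strlen(SECRET)) == 0;
}

int main(void) {
    printf("unchecked/40 leaks: %d, checked/40 leaks: %d\n",
           reply_leaks(echo_unchecked, 40), reply_leaks(echo_checked, 40));
    return 0;
}
```

With an honest length of 4 both versions echo only "ping"; the two differ only when the claimed length exceeds what was received.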

Heartbleed affects much more than web servers; basically, any website that requires you to log in with a username and password is potentially vulnerable. These websites typically have an address that begins with HTTPS – the ‘S’ stands for ‘Secure’. [dummies]

Android Jelly Bean [4.1.1] is vulnerable to the Heartbleed bug. This means sensitive data on Android smartphones and tablets may be at risk. Google is releasing a fix, but not all devices are compatible with the fix. [dummies]

What do we need to protect ourselves?
  • stay informed
  • update your mobile devices
  • change your passwords after the fix is installed
  • watch for suspicious activity
  • look out for scams and copycats
Now is a good time to start using a password manager, especially if you’re going to change some user logins. A password manager makes it easy to generate randomized passwords using a combination of letters, numbers, and special characters. It also relieves you of having to memorize every one of those overly complex codes. There are many options out there for password managers, but some of our favorites include LastPass, Dashlane, and KeePass. [pcworld]

References:
  • dummies
  • heartbleed
  • pcworld
  • wikipedia



World Digital Library (www.wdl.org)

On a Sunday, Opamp searched the databases for papers with the keywords Information Retrieval. After downloading the suitable papers, Opamp created a new folder and saved them there. Among them was a paper titled Library Goes Mobile. As the paper is scanned, the whole page can be seen. The paper is from the journal named School Library Journal, issued in May 2009. On the same page, taking up one-third of the page on the left side, there is a tip, Site of the Month. It is about a site called World Digital Library, http://www.wdl.org/.

Fig. The screenshot of World Digital Library (WDL) www.wdl.org

The tip said:

The WDL (world digital library) has the collections from all over the world in which the viewers can access manuscripts, maps, rare books, films, audio, and photographs that relate to the history and culture of the 193 member countries of UNESCO. WDL provides a global context.

The writer of the tip is Kathy Ishizuka.

After reading that tip, Opamp typed www.wdl.org in address bar and browsed the site. The home page shows the world map which describes the resources available in the digital library.

On September 14, 2009, there were 1208 collections in total from 8000 BC to 2009 AD.

On September 18, 2011, while rewriting this article for Sites-Intro, there are 2526 collections in total from 8000 BC to 2010 AD. 




Smaller or Bigger (Unit and its Prefix)

There are units in measuring, for example the metre: 1 metre, 2 metres, 10 metres. But how about 1000 metres? We call it 1 kilometre. Kilo is equal to 1000. It becomes a prefix. When we want something small, 1 metre divided by 1000 = 0.001 metre. It is 1 millimetre. Milli is equal to 1/1000. In my school days, I tried to learn those prefixes by heart: 1 metre is 100 centimetres, 1 metre is also 1000 millimetres, etc. I could not learn them by heart. Then my father taught me by writing the following.


yocto      zepto     atto     femto     pico      nano    micro    milli     centi    deci

deka     hecto    kilo      mega      giga     tera       peta     exa      zetta    yotta


After that, he wrote these factors:

10^-24       10^-21     10^-18    10^-15   10^-12   10^-9      10^-6     10^-3    10^-2      10^-1


10^1          10^2      10^3       10^6     10^9      10^12     10^15     10^18     10^21       10^24