Tuesday, 18 October 2011

 Source of article:  http://javascript.info/tutorial/overview


Let’s see what’s so special in JavaScript, why JavaScript and what other useful technologies exist besides it.

What is JavaScript?

JavaScript is a scripting language, created for making html-pages live. It turns the web into something more powerful than just interlinked html pages.
JavaScript has nothing in common with Java. It is a completely different language with a similar name. JavaScript has a language specification called ECMAScript.
Programs in JavaScript are called scripts. They need no compilation: you just write a script, attach it to an HTML page, and it works.
Some people say JavaScript is like Python, some find it similar to Ruby or Self. The truth is that JavaScript is on its own, a really elegant but specific language.

What can JavaScript do?

  • Modify HTML page, write text in it, add or remove tags, change styles etc.
  • Execute code on events: mouse clicks and movements, keyboard input, etc.
  • Send requests to the server and load data without reloading the page. This technology is often called "AJAX".
  • Get and set cookies, ask for data, output messages…
  • …And much, much more!
Modern JavaScript is a generic language. It is not browser-only. There are console programs and server-side programs (Node.js) written in JavaScript. In this tutorial we’re talking about in-browser JavaScript only.

What can’t JavaScript do?

JavaScript is a generic language, fast and powerful.
But execution in browser context implies certain security limitations.
That’s because you surely don’t want a web-page script to execute with your privileges: read/write on hard disk, install software etc. The script must have strict security limitations so that it cannot harm your system, so you can open the page and feel safe. There are non-standard mechanisms of “signing” JavaScript, but they are not widely supported yet.
Most JavaScript abilities are limited to the browser window.

  • JavaScript can’t read/write to hard disk, copy files and call other programs. It doesn’t have direct access to the OS. Newer browsers provide such abilities, but in a very limited and secure way.
  • JavaScript in one tab can’t affect other tabs/windows. There are exceptions, namely when two windows come from same domain.
  • A page with JavaScript can do network requests on its own domain without limitations. A request to another domain is also possible, but security measures apply.

What’s so cool in JavaScript?

There are at least three killer points about it.
  1. Full integration with HTML/CSS
  2. Simple things can be done simply
  3. Supported by all browsers and enabled by default
This mix of advantages cannot be found in any other technology.
Also, remember that JavaScript is alive, under constant development. New features are coming, the modern ECMAScript standard brings nice features, new JavaScript engines work better and faster.
When you plan to study a technology, say invest your time, it is always good to overview the trends.
Besides the modern ECMAScript specification, which enhances the language itself, the browser makers are adopting features from HTML 5. That’s a related standard, or more precisely a pack of standards, containing many features which people have been wanting for ages.
Just a few:
  • Reading/writing files on visitor’s disk (with proper security to keep it safe).
  • A database embedded into the browser, which allows storing data on the client side.
  • Multithreading (can use multiple CPUs).
  • Video playback.
  • Drawing 2d and 3d, with hardware acceleration, just like in modern games.
Most topics of HTML5 are still in “draft” stage, but browsers tend to adopt them.
The title “HTML5” is a bit misleading. As you saw, the new standard is not just about HTML, but about interaction and advanced browser features.

The trend is: JavaScript is enhancing its abilities. It is becoming more and more powerful, trying to reach desktop apps.

Modern browsers improve their engines to achieve higher JavaScript execution speed. They also fix bugs and try to follow the standard.

The trend is: JavaScript is becoming faster and more stable.

It is also very important that new standards HTML5 and ECMAScript 5/6 are mostly compatible with older standards. That means they don’t break existing apps.
Well, to be sincere, there is a minor problem with HTML5, named “Browsers run too fast”. Sometimes browsers adopt a feature which is not fully described in the standard (draft stage), just because it is so cool they can’t wait.
But then, with time, the standard evolves and changes, so browsers have to reimplement or correct the feature. This breaks the code which relied on the earlier version. So we’d better think twice before using such draft-stage solutions. This mainly applies to advanced features.

The trend is: things are going to be compatible.
Of course, as long as we don’t use browser-specific features or early-adopted draft sections of a standard.

Alternative technologies

Abilities of JavaScript in certain areas are limited. That’s why alternative technologies are used.
The point is: all of them play really well with JavaScript. Sometimes, a task can’t be solved by JavaScript, but there are possibilities to use JavaScript + Java or JavaScript + Flash or drop in ActiveX.

Java

As you already know, JavaScript is not Java. In fact, they don’t have much in common besides a name. Java is a different language that allows you to write applets and embed them into an HTML page.
A Java applet is a program for a browser just like an executable file. A programmer writes it in Java, then compiles it and puts a link to it into the HTML. A browser then opens a page, finds the reference to an applet, downloads and executes it (if Java is enabled).
An important difference between a Java applet and JavaScript is their abilities.
  • Java can do everything, just like an installed executable. For security, an unsafe action requires visitor’s confirmation.
  • Java development is easier: IDEs are cool.
  • Java takes more time to load and is heavy to start running.
  • Java needs to be installed and enabled.
  • Java is not integrated with HTML page, it runs in a separate container within the page.

Adobe Flash

Adobe Flash initially appeared as a cross-browser platform and language for multimedia, for making web alive with animation, audio and video. But there are other interesting features in Flash.
A Flash movie is a compiled program, written in ActionScript, usually bundled with images and other resources.
  • Great stuff for networking (sockets, UDP for P2P)
  • Support for complex multimedia: images, audio, video is much more advanced compared to HTML5. Camera and microphone are here too.
  • Comfortable IDE for Flash, no browser incompatibilities.
  • Flash has to be installed and enabled.
  • Flash is not integrated with HTML page, it runs in a separate container within the page.
  • Security limitations on Flash are almost as strict as on JavaScript.
As of now, there is high pressure on the Flash monopoly in many areas of its use. For example, HTML5 provides means for the browser to play video, draw, etc. Browsers which implement HTML5 stuff don’t require Flash to do such things. And most browsers really go forward in making HTML5 features work.
But both Java and Flash functions can call JavaScript and vice versa, so usually a site uses mostly JavaScript, but also Java/Flash in places where JavaScript can’t cope.

ActiveX, browser plugins/extensions

ActiveX is a great, but IE-only thing. It allows writing a program in the C language which integrates with the page if the visitor allows.
  • Integrated with HTML/CSS
  • Written in C, hence very fast and featured.
  • Can do everything if the visitor allows it to install.
  • Internet Explorer only. Chrome has partial support that has to be enabled.
  • Development of ActiveX is difficult.
Programs on Windows provide interfaces which can be used by ActiveX. So, a page can call Microsoft Word, or load a document into Excel, etc.
Other browsers allow writing plugins and extensions using NPAPI.
Personally, I’m not a Microsoft fan. But I saw great applications done with ActiveX, and I can understand why people are using it and bind themselves to Windows/IE.

Other technologies: Silverlight, XUL, VBscript

These technologies are much less widespread.
  • XUL is a language for interfaces, useful if you only write for Mozilla browsers or making extensions to Firefox. Also used for desktop applications.
  • Silverlight is an Adobe Flash competitor from Microsoft based on .NET. It runs best on Windows; the cross-platform support improves gradually over time. Mostly used for Windows-based applications and intranet.
  • VBscript is an outdated attempt of Microsoft to do a JavaScript-like language based on Visual Basic. It is not being developed, VBScripts lack many abilities of JavaScript and hence are almost not used in modern web programming.

Summary

JavaScript is unique because it is widespread and its integration with HTML/CSS is the best.
JavaScript has a bright and more-or-less compatible future.
But a good JavaScript programmer should keep other technologies in mind too. For example, Flash and Java have their own unique features. They are able to call JavaScript functions and vice versa.
So there are tasks which can be solved using a combination of JavaScript + Flash or JavaScript + Java.
Examples are: selecting and uploading multiple files at once (Flash), using camera and microphone (Flash), doing complex multimedia and graphics, including calculations (Flash, Java) and much more. You’ll meet them on your way.

Sunday, 7 August 2011

Traceroute - Notes

When the traceroute command is issued, the host sends n special packets to n-1 nodes on the way. Each packet is numbered, and the recipient of that packet responds with a packet of its own. The round-trip delay is then calculated as the total amount of elapsed time.

As we know, when UDP or ICMP messages are sent, a TTL (time to live) value is attached to each packet. That's the mechanism that helps identify the destination. How can we know how many nodes there are before we reach our destination? The answer is that the first packet is sent out with a TTL equal to 1, meaning that the first node on our route will receive the packet, drop the TTL by 1, then send back a rejection message with its hostname. Each subsequent packet is sent with the TTL increased by 1, so the next node on the route answers in turn. That's how we get the nodes' names. When the destination host is reached, our packet will most likely be rejected (since it is sent to an uncommon port, i.e. 33000), and the destination will send back a destination unreachable message, thus informing us that the destination has been reached.
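How a traceroute client can tell an intermediate node from the destination, as an added example that is not part of the original notes: ICMP error replies quote the probe's IP header and first 8 bytes, so the UDP destination port identifies which numbered probe is being answered. The sample replies, the documentation-range addresses and the "base port + probe number" scheme are constructed assumptions; 33000 is the port mentioned above.

```python
import socket
import struct

BASE_PORT = 33000            # uncommon UDP port from the notes; probe n uses BASE_PORT + n (assumption)
ICMP_TIME_EXCEEDED = 11      # sent by a node that decremented the TTL to 0
ICMP_DEST_UNREACH = 3        # with code 3 (port unreachable) it comes from the destination
CODE_PORT_UNREACH = 3


def build_probe_headers(src, dst, ttl, probe_no):
    """IPv4 header (20 bytes, checksum left at 0) plus UDP header of one probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, probe_no, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", 40000, BASE_PORT + probe_no, 8, 0)
    return ip + udp


def build_icmp_error(icmp_type, code, quoted):
    """ICMP error: type, code, checksum (0 here), 4 unused bytes, quoted datagram."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted


def classify_reply(sender_ip, icmp):
    """Return (probe_no, sender_ip, kind) for one ICMP error message."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("ICMP error too short to quote IP and UDP headers")
    icmp_type, code = icmp[0], icmp[1]
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4             # quoted IP header length in bytes
    if quoted[9] != 17 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is not one of our UDP probes")
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if icmp_type == ICMP_TIME_EXCEEDED and code == 0:
        kind = "hop"
    elif icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        kind = "destination"
    else:
        kind = "other"
    return dport - BASE_PORT, sender_ip, kind


def trace(replies):
    """Order replies by probe number and stop once the destination has answered."""
    route = []
    for probe_no, sender, kind in sorted(classify_reply(s, m) for s, m in replies):
        route.append((probe_no, sender))
        if kind == "destination":
            break
    return route


def sample_replies():
    """Constructed capture: two intermediate nodes and the destination, out of order."""
    src, dst = "192.0.2.10", "203.0.113.7"
    quote = lambda n: build_probe_headers(src, dst, n, n)
    return [
        ("198.51.100.1", build_icmp_error(ICMP_TIME_EXCEEDED, 0, quote(2))),
        ("192.0.2.1", build_icmp_error(ICMP_TIME_EXCEEDED, 0, quote(1))),
        (dst, build_icmp_error(ICMP_DEST_UNREACH, CODE_PORT_UNREACH, quote(3))),
    ]


if __name__ == "__main__":
    for hop, addr in trace(sample_replies()):
        print(hop, addr)
```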

Tuesday, 26 October 2010

IEEE 802.1x?

Understanding what the IEEE 802.1X standard is and why you should care means understanding three separate concepts: PPP, EAP and 802.1X itself.


PPP and EAP defined

Most people are familiar with PPP - Point-to-Point Protocol. PPP is most commonly used for dial-up Internet access. PPP is also used by some ISPs for DSL and cable modem authentication, in the form of PPP over Ethernet. PPP is part of Layer 2 Tunneling Protocol, a core part of Microsoft's secure remote access solution for Windows 2000 and beyond.

PPP evolved beyond its original use as a dial-up access method and is now used all over the Internet. One piece of PPP defines an authentication mechanism. With dial-up Internet access, that's the username and password you're used to using. PPP authentication is used to identify the user at the other end of the PPP line before giving them access.

Most enterprises want to do more for security than simply employing usernames and passwords for access, so a new authentication protocol, called the Extensible Authentication Protocol (EAP), was designed. EAP sits inside of PPP's authentication protocol and provides a generalized framework for several different authentication methods. EAP is supposed to head off proprietary authentication systems and let everything from passwords to challenge-response tokens and public-key infrastructure certificates all work smoothly.

With a standardized EAP, interoperability and compatibility of authentication methods becomes simpler. For example, when you dial a remote-access server and use EAP as part of your PPP connection, the RAS doesn't need to know any of the details about your authentication system. Only you and the authentication server have to be coordinated. By supporting EAP authentication a RAS server gets out of the business of acting as middle man, and just packages and repackages EAP packets to hand off to a RADIUS server that will do the actual authentication.

This brings us to the IEEE 802.1X standard, which is simply a standard for passing EAP over a wired or wireless LAN. With 802.1X, you package EAP messages in Ethernet frames and don't use PPP. It's authentication and nothing more. That's desirable in situations in which the rest of PPP isn't needed, where you're using protocols other than TCP/IP, or where the overhead and complexity of using PPP is undesirable.

802.1X uses three terms that you need to know. The user or client that wants to be authenticated is called a supplicant. The actual server doing the authentication, typically a RADIUS server, is called the authentication server. And the device in between, such as a wireless access point, is called the authenticator. One of the key points of 802.1X is that the authenticator can be simple and dumb - all of the brains have to be in the supplicant and the authentication server. This makes 802.1X ideal for wireless access points, which are typically small and have little memory and processing power.

The protocol in 802.1X is called EAP encapsulation over LANs (EAPOL). It is currently defined for Ethernet-like LANs including 802.11 wireless, as well as token ring LANs such as FDDI. EAPOL is not particularly sophisticated. There are a number of modes of operation, but the most common case would look something like this:



1. The authenticator sends an "EAP-Request/Identity" packet to the supplicant as soon as it detects that the link is active (e.g., the supplicant system has associated with the access point).

2. The supplicant sends an "EAP-Response/Identity" packet to the authenticator, which is then passed on to the authentication (RADIUS) server.

3. The authentication server sends back a challenge to the authenticator, such as with a token password system. The authenticator unpacks this from IP and repackages it into EAPOL and sends it to the supplicant. Different authentication methods will vary this message and the total number of messages. EAP supports client-only authentication and strong mutual authentication. Only strong mutual authentication is considered appropriate for the wireless case.

4. The supplicant responds to the challenge via the authenticator and passes the response onto the authentication server.

5. If the supplicant provides proper identity, the authentication server responds with a success message, which is then passed onto the supplicant. The authenticator now allows access to the LAN -- possibly restricted based on attributes that came back from the authentication server. For example, the authenticator might switch the supplicant to a particular virtual LAN or install a set of firewall rules.
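The five steps above as bytes on the wire, in an added example that is not part of the original article: it builds and parses EAPOL frames carrying EAP packets and keeps the authenticator's port closed until an EAP-Success is relayed. The identity, challenge bytes and class and function names are constructed; MD5-Challenge is used only because it is the simplest challenge type to show and it is not a mutual authentication method.

```python
import struct

EAPOL_EAP_PACKET = 0                       # EAPOL packet type that carries an EAP message
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}


def eap(code, ident, eap_type=None, data=b""):
    """EAP packet: code, identifier, length, then type + data for Request/Response."""
    body = (bytes([eap_type]) + data) if code in (1, 2) else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eapol(eap_packet, version=1):
    """EAPOL header (version, packet type, body length) in front of an EAP packet."""
    return struct.pack("!BBH", version, EAPOL_EAP_PACKET, len(eap_packet)) + eap_packet


def parse_eapol(frame):
    """Parse an EAPOL message (the payload of an Ethernet frame, EtherType 0x888E)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, ptype, blen = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + blen]
    if len(body) != blen:
        raise ValueError("EAPOL body shorter than declared length")
    if ptype != EAPOL_EAP_PACKET:
        return {"eapol_type": ptype}
    if blen < 4:
        raise ValueError("truncated EAP header")
    code, ident, elen = struct.unpack("!BBH", body[:4])
    if elen < 4 or elen > blen or code not in EAP_CODES:
        raise ValueError("malformed EAP packet")
    msg = {"eapol_type": ptype, "code": EAP_CODES[code], "id": ident}
    if code in (1, 2):
        if elen < 5:
            raise ValueError("Request/Response without a type byte")
        msg["type"] = EAP_TYPES.get(body[4], body[4])
        msg["data"] = body[5:elen]
    return msg


class Authenticator:
    """Repackages server EAP into EAPOL; the port opens only on EAP-Success."""

    def __init__(self):
        self.port_authorized = False

    def relay_from_server(self, eap_packet):
        frame = eapol(eap_packet)
        code = parse_eapol(frame)["code"]
        if code == "Success":
            self.port_authorized = True
        elif code == "Failure":
            self.port_authorized = False
        return frame


def run_exchange(server_verdict_code=3):
    """Steps 1-5 with constructed values; returns the transcript and the port state."""
    auth, log = Authenticator(), []
    log.append(parse_eapol(eapol(eap(1, 1, 1))))                         # 1. Request/Identity
    log.append(parse_eapol(eapol(eap(2, 1, 1, b"alice@example.org"))))   # 2. Response/Identity
    log.append(parse_eapol(auth.relay_from_server(eap(1, 2, 4, b"\x04ABCD"))))  # 3. challenge
    log.append(parse_eapol(eapol(eap(2, 2, 4, b"\x04WXYZ"))))            # 4. response
    log.append(parse_eapol(auth.relay_from_server(eap(server_verdict_code, 2))))  # 5. verdict
    return log, auth.port_authorized


if __name__ == "__main__":
    transcript, authorized = run_exchange()
    for message in transcript:
        print(message)
    print("port authorized:", authorized)
```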

How does 802.1X help wireless security?

The 13-year-old Wired Equivalent Privacy (WEP) protocol has been discredited so thoroughly that its authentication and encryption capabilities are not considered sufficient for use in enterprise networks. In response to the WEP fiasco, many wireless LAN vendors have latched onto IEEE 802.1X standard to help authenticate and secure both wireless and wired LANs. The wildcard with 802.1X protocol is interoperability.

802.1X authentication helps mitigate many of the risks involved in using WEP. For example, one of the biggest problems with WEP is the long life of keys and the fact that they are shared among many users and are well known. With 802.1X, each station could have a unique WEP key for every session. The Authenticator (Wireless Access Point) could also choose to change the WEP key very frequently, such as once every 10 minutes or every 1000 frames. 802.1X does not guarantee improved security. For example, an authenticator might never change the key it hands out to each supplicant. Or, the network manager might select an authentication method that does not allow for distribution of WEP keys. 802.1X does, however, give the informed network manager the potential to design and implement a more secure WLAN.

Sunday, 5 September 2010

What Is a DMZ?

Ref: http://www.sorucevap.com/bilisimteknolojisi/ders.asp?206632

"DMZ: Demilitarized Zone.

Suppose that on your network you are going to set up partitions, much like the ones you create on your computer's disk. The partitions will have different security settings; in a sense you will be grouping things into civilian and military sets. The element you will come across at this point is what is called a DMZ.

With a DMZ, public IPs will access the network according to the permissions you grant.

Suppose you have split the network into two parts: the local intranet and the DMZ.

Let the local intranet hold your clients and printers, and let the DMZ side hold a mail server, a file server and a web server.

Let your requirement be this: both sides can reach the Internet, public IPs cannot reach the local intranet, and access to the DMZ takes place only to the extent permitted. How will that work? Let's go into a bit more detail:



What you need to have:

A router, a firewall and three switches. (A firewall is not an absolute requirement, but it becomes unavoidable if you want high-level control over the security settings.)

Configuration: After connecting the Internet line to the router, connect the router to the switch. Connect the switch to the firewall. The firewall will have three Ethernet cards: the cards going to the external, internal and DMZ networks. Connect the cable coming from the switch to the external card. (Optionally, the firewall can be connected directly to the router.)

Connect the internal network to the internal card and the DMZ network to the DMZ card.

Let there be three machines and a printer on the internal network.

Let the DMZ contain a mail server, a file server and a web server.

Internal network settings:

Let your internal network IP be 192.0.0.0, with subnet mask 255.255.255.0.

Let your DMZ network IP be 192.0.1.0, with subnet mask 255.255.255.0.

Give the three machines on the internal network these IPs:

192.0.0.1; 192.0.0.2; 192.0.0.3. Keep the subnet mask the same for all of them.

The printer's IP is 192.0.0.4.

In the DMZ, let the mail server's IP be 192.0.2.1, the web server's IP 192.0.2.2 and the file server's IP 192.0.2.3.

Now let's turn to the firewall.

The external IP you enter for the external card on the firewall will be an IP from the public IP range of the external network given to you by your ISP.

In practice the first IP in this range is given to the router, the second to the firewall, and then in order to the mail server, the web server, and so on.

Suppose the network IP given by the ISP is 64.172.64.10 and 16 IPs are yours. Then your router IP will be 62.172.64.10.

Now let's assume the external IP for the external card is 64.172.64.11.

Let your mail server's external IP be 64.172.64.12 and your web server's external IP be 64.172.64.13.

Now, the question is what we want to do: with the necessary settings on the firewall, the internal IPs will reach the Internet; the DMZ will reach the Internet; and public IPs will be able to access the DMZ only on the POP port of the mail server and the http/https/ftp ports of the web server:

On the firewall, we first need to configure the NAT (network address translation) settings. Here, let the NAT address of the internal leg be 64.172.64.15. In the DMZ, we need to give the mail server's public IP as the mail server's NAT address, and likewise the web server's own IP address as the web server's NAT address. Now, the rules you need to add to the firewall:

1) If any source wants any access to an internal IP: Drop (optionally Reject)

2) If any source wants http, ftp or https access to the servers in the DMZ: Accept.

3) If any source wants any access to the servers in the DMZ: Reject

Of course, these settings will change according to your needs. For example, if FTP is not wanted, the FTP service request must be set to Drop or Reject.

First of all, the question of who can reach where, and with which rights, must be answered, and everything must be planned in advance.

Regards."
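The three firewall rules from the quoted post, evaluated in order with the first match deciding, as an added example that is not part of the quoted text. The internal range and DMZ server addresses are the ones given in the post; the port numbers, the default drop when nothing matches and all function names are assumptions.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("192.0.0.0/24")          # internal network from the post
DMZ_SERVERS = {ipaddress.ip_address(a)                   # mail, web and file server
               for a in ("192.0.2.1", "192.0.2.2", "192.0.2.3")}
PORTS = {"ftp": 21, "http": 80, "pop3": 110, "https": 443}


def to_internal(dst):
    return dst in INTERNAL


def to_dmz(dst):
    return dst in DMZ_SERVERS


# (rule number, destination test, allowed ports or None for "any", action)
RULES = [
    (1, to_internal, None, "drop"),
    (2, to_dmz, {PORTS["http"], PORTS["ftp"], PORTS["https"]}, "accept"),
    (3, to_dmz, None, "reject"),
]
DEFAULT = (0, "drop")  # assumption: traffic matching no rule is dropped


def evaluate(dst, dport, rules=RULES):
    """Return (rule number, action) of the first rule matching an inbound packet."""
    dst = ipaddress.ip_address(dst)
    for number, dst_match, ports, action in rules:
        if dst_match(dst) and (ports is None or dport in ports):
            return number, action
    return DEFAULT


def report():
    """Constructed inbound connection attempts from a public source."""
    attempts = [
        ("printer, raw print port", "192.0.0.4", 9100),
        ("web server, https", "192.0.2.2", PORTS["https"]),
        ("file server, ftp", "192.0.2.3", PORTS["ftp"]),
        ("mail server, pop3", "192.0.2.1", PORTS["pop3"]),
    ]
    return [(label, *evaluate(dst, port)) for label, dst, port in attempts]


def swapped_order_result():
    """Same rules with 2 and 3 swapped: the catch-all reject now shadows the accept."""
    return evaluate("192.0.2.2", PORTS["https"], [RULES[0], RULES[2], RULES[1]])


if __name__ == "__main__":
    for row in report():
        print(row)
    print("rules 2 and 3 swapped, https to web server:", swapped_order_result())
```

With the rules exactly as listed, a POP3 connection to the mail server falls through to rule 3 and is rejected, so the POP access named in the post's goal would need its own accept rule ahead of rule 3.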

Monday, 30 August 2010

System State Backup

Ref: http://blog.korteksolutions.com/system-state-backup-in-sbs-2008/


System State Backup in SBS 2008


[Today's post comes to us courtesy of John Bay]





The normal backup that SBS 2008 creates contains all the necessary information to restore the entire server. The normal SBS backup includes the system state data. You may wish to create a system state backup of the machine before you make critical changes to the machine or active directory. The ability to take just a system state backup is not exposed in the GUI interface of backup. If you wish to take just a system state backup you must use the wbadmin.exe utility. WBadmin.exe is a command line utility. You must first open a command prompt as administrator.





The command to start a system state backup is:





Wbadmin start systemstatebackup -backuptarget:F:





Where F: is the drive where you wish to store the system state backup.





The target volume for a system state backup cannot be a source volume by default. A source volume is any volume that has a file that is included in the backup. To change that behavior, you can add the AllowSSBToAnyVolume registry entry to the server. However, there are known issues with storing a system state backup on a source volume:





Backups can fail. The backup can be modified during the backup process, which might cause the backup to fail.



It causes an inefficient use of target space. Twice the amount of space is necessary for a backup than for the original data. The volume must allocate twice the amount of space for the shadow copy process.



The path for adding the new registry entry is as follows:





HKLM\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\AllowSSBToAnyVolume

Type: DWORD

Value: 1





A value of 0 prevents the storing of system state backup on a source volume. A value of 1 allows the storing of system state backup on a source volume.





The backup process will create a directory on the target drive named WindowsImageBackup. This directory will contain the system state backup of the server. The system state backup of an SBS 2008 server is considerably larger than the same backup on an SBS 2003 server. The average system state backup size is around 11GB.





If you wish to restore a system state backup, you must first reboot the server into Directory Services Restore Mode (DSRM). Once in DSRM, you would open a command prompt with administrator rights and use the following commands to start the restore.





We must first determine the version of the backup that you wish to restore.





The command WBADMIN GET VERSIONS will display all the backups on the machine and the version identifier.





The output will look similar to this:





Backup time: 10/7/2008 3:33 PM

Backup target: Fixed Disk labeled D:

Version identifier: 10/07/2008-20:33

Can Recover: Application(s), System State





This backup job was completed on 10/7/2008 at 3:33pm and was saved to drive D:. The backup job has the ability to restore the system state and is version identifier 10/07/2008-20:33





Once we have located the version identifier, we can initiate the restore by using the following command:





WBADMIN START SYSTEMSTATERECOVERY -version:<version id>





Where version id is the version identifier you obtained with the Get Versions command.





For our example the command would be:





WBADMIN START SYSTEMSTATERECOVERY -version:10/07/2008-20:33





WBADMIN will restore the system state information back to the data from the backup. Once the restore process is complete, you will have to reboot the machine into normal mode to complete the restore.

Thursday, 26 August 2010

What Is a Checksum?

A checksum can be defined as a numeric representation of a piece of digital data. This representation is generally used to determine whether deviations, errors or omissions from the original have occurred when the original data is moved or transmitted.
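A checksum in practice, as an added example that is not part of the original post: the 16-bit Internet checksum (RFC 1071) catches a flipped bit, and the example goes one step beyond the definition to show a change it misses (two 16-bit words swapped) that CRC-32 does catch. The sample byte strings are constructed.

```python
import zlib


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071), as used by IP, UDP and ICMP."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def crc32(data: bytes) -> int:
    """CRC-32 from the standard library, for comparison."""
    return zlib.crc32(data) & 0xFFFFFFFF


def detects(checksum_fn, sent: bytes, received: bytes) -> bool:
    """True if a receiver recomputing the checksum would notice the change."""
    return checksum_fn(sent) != checksum_fn(received)


SENT = b"AABBCCDD"        # constructed original data
BIT_FLIP = b"AABBCCDE"    # last byte 0x44 -> 0x45: one bit changed in transit
WORD_SWAP = b"BBAACCDD"   # first two 16-bit words arrived in the wrong order

if __name__ == "__main__":
    print("checksum of original: 0x%04x" % internet_checksum(SENT))
    print("bit flip detected:", detects(internet_checksum, SENT, BIT_FLIP))
    print("word swap detected by Internet checksum:",
          detects(internet_checksum, SENT, WORD_SWAP))
    print("word swap detected by CRC-32:", detects(crc32, SENT, WORD_SWAP))
```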