Bash commands

- pwd

- cd

- ls

- mkdir

- cp

- mount /dev/md1 /mnt/jasondrive

- umount /mnt/md1

- mv

- nano (editor)

- rm -r images/ (recursive)

- locate

- updatedb

- man ls (display information on the command ls)

- useradd --shell /sbin/nologin tomcat6 (or just edit /etc/passwd file)

- useradd --shell /sbin/nologin --home-dir /usr/local/tomcat6 tomcat6

- usermod --append --groups groupname username

- groupadd groupname (or just edit /etc/group file)

- groupmod

- groupdel

- tar czvf archive.tar.gz [file1 file2...]

- tar cjvf archive.tar.bz2 [file1 file2...]

- su (substitute user)

- su - root

- sudo (execute a command with the specified account)

- /etc/sudoers (this file lists all users that are allowed to use sudo and the commands that are allowed to be executed)

- visudo

- df -h (disk free)

- free (displays the current system memory usage)

- yum install package

- chmod who+/-what filename

- chmod +x script.sh (make script.sh executable)

- chmod go-rwx photo.jpg (g: group, o:others, a:all, u:user/owner) no one can access the photo other than the owner.

- chown user filename

- chgrp group filename

- chown jason photo.jpg (the new owner of photo.jpg is the user "jason"

Execute:

- ./my-app (forces shell to look for files in the current working directory only)

- /home/jason/programs/my-app

- my-app (if /home/jason/programs is in the PATH)

System services:

- /etc/init.d/name command

- start / stop / restart / reload / status

Process management:

- ps aux (lists all processes)

- ps aux | grep gcpmain

- top

- kill pid (kill 12075)

- kill -9 pid

Directory

- /bin (common exe)

- /boot (critical files used at boot time)

- /dev (device and special files)

- /etc (system-wide config files)

- /home

- /lib (system-wide shared libraries and kernel modules)

- /media (list mount points for devices such as USB devices)

- /mnt (temporarily mounted filesystems

- /opt (optional software packages)

- /proc (kernel and process information virtual file system)

- /root (root user home directory)

- /sbin (system binaries dedicated to system admin)

- /srv (service data)

- /tmp (temporary files)

- /usr (read-only user data)

- /var (files that are expected to be modified by running apps)

- /dev/null

- /dev/random (random number generators)

- /dev/urandom (streams that generate flows of random numbers)

- /dev/full (pseudo device is a stream that returns an error when written to and is always considered full)

- /dev/zero (always considered empty)

Running Tomcat as Non-Root User

I don't believe there any issues with running Tomcat as root user. However, for the more security-conscious readers out there, here are some instructions on running Tomcat as a non-root user.

At this stage, the Tomcat packages, files and binaries are owned by root. We will first need to create a Tomcat user and group that will own these files, and under which Tomcat will run.

Tomcat User :: tomcat

Tomcat Group :: tomcat

Not too imaginative, huh ? We will now create the Tomcat user and group. Open a terminal window and, as root,

# groupadd tomcat
# useradd -g tomcat -d /opt/tomcat tomcat
# passwd tomcat

Notice that we specified the home directory of Tomcat to be /opt/tomcat. Some people believe that this is good practice because it eliminates an additional home directory that needs to be administered.

Now, we will put everything in /opt/tomcat under Tomcat user and group. As root,

# chown -R tomcat:tomcat /opt/tomcat

If /opt/tomcat is a symlink to your Tomcat install directory, you'll need to do this:

# chown -R tomcat:tomcat /opt/jakarta-tomcat-5.x.xx

Verify that JAVA_HOME and CATALINA_HOME environment variables are setup for tomcat user, and you should be good to go. Once the Tomcat binaries are under Tomcat user, the way you invoke it will be different.

To start Tomcat,

# su - tomcat -c /opt/tomcat/bin/startup.sh

To stop Tomcat,

# su - tomcat -c /opt/tomcat/bin/shutdown.sh

Also, be aware that your web applications will need to be deployed (i.e. copied to the web application directories) as user tomcat, instead of root. A little more hassle, but possibly a little safer too.

Note that, the JVM is a virtual machine with many threads under the same process. Therefore, because of OS constraints - all threads in the same process must run under the same user id. No thread may run as root unless they are all root. This is a limitation of the JVM.

Apache doesn't have this limitation since it uses multiple processes to do its work.

In Linux, a process can start as root, do some work then change its user id to something less via a OS system call. But once you switch down, you're stuck and can't go back.

MySQL Options

To start MySQL you simply specify mysql in a console window and press Return. The mysql programs are normally installed in the directory /usr/bin, so that it is unnecessary to provide the name of the directory.

When you start mysql you can use various options. To get a connection to the server you generally need two options, namely, -u name -p. The following list describes these and a few additional options and also gives some background information. These options are not only for mysql, but also for mysqladmin, mysqldump, and most other command tools.

-u name or —user=name: This option specifies which MySQL user name you wish to use. Depending on how MySQL is configured, there can be many MySQL users (see also Chapter 11). If no users have yet been set up or if you have administrative tasks to perform, use the user name root.

This user exists in every MySQL installation and is considered the system administrator.
If you omit the option -u, then under Unix/Linux the current login name will be used, while
under Windows, it will be ODBC. A login is possible only if users with these names have been
set up on the MySQL server.

The structure of an RPM package

The Red Hat Package Manager (RPM) is a tool that facilitates installing, uninstalling, and upgrading software for your Red Hat Linux system. It is a file that contains executable programs, scripts, documentation, and other files needed by an application or software unit. RPM packages are generally named using a convention that lets you determine the name of the package, the version of the software, the release number of the software, and the system architecture for which the application is intended. The following diagram shows how the components of a package name are arranged:

(1) Name

(2) Version

(3) Release

(4) Architecture

When you update a package, RPM installs the new version of the software but attempts to leave your existing configuration files intact. You can update a package by using the -U option of the rpm command:

rpm -Uvh  package 

When you update a package, RPM automatically uninstalls the old version of the package before installing the new one.

http://www.ibm.com/developerworks/linux/library/l-rpm2/index.html

Tomcat user

For security reasons, tomcat should run with low privileges. Create a tomcat user and set that user’s login shell to /sbin/nologin and locking the user’s password so that it can’t be guessed. Also, it’s probably a good idea to make the tomcat user’s primary group the nobody group or another group with similarly low permissions.

To create the tomcat user, you will need to do this as the root user:

# useradd -g 46 -s /sbin/nologin -d /opt/tomcat/temp tomcat

If you do not have root access, you could run Tomcat as your login user, but beware that any security vulnerabilities in Tomcat could be exploited remotely as your user account.

Tomcat user

For security reasons, you should probably create a tomcat user with low privileges and run Tomcat as that user. We suggest setting that user’s login shell to /sbin/ no login and locking the user’s password so that it can’t be guessed. Also, it’s probably
a good idea to make the tomcat user’s primary group the nobody group or another group with similarly low permissions. You will need to do this as the root user:

# useradd -g 46 -s /sbin/nologin -d /opt/tomcat/temp tomcat

If you do not have root access, you could run Tomcat as your login user, but beware that any security vulnerabilities (which are extremely rare) in Tomcat could be exploited remotely as your user account.

Relaying port 80 to port 8080

It is true that the JVM process must run as the root user in order to open a server socket on port 80 on non-Windows operating systems. But, the JVM would not need to run as root if something outside the JVM process could relay all port 80 TCP connections to Tomcat on some port higher than 1024 (such as port 8080, for example).

Tomcat can open its web server on port 8080, andsomething else with the proper permissions can relay port 80 TCP connections to Tomcat’s port 8080. This is often referredto as port relaying or net filtering and is such a handy and common feature that there are more ways than one to do this on any given operating system.

You can route all port 80 TCP connections to all network destinations that the machine is configured for by entering these two commands:

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

# iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

They will add the necessary relaying rules to your iptables configuration. This tells the kernel that all TCP connections destined for the machine on port 80 need to be redirected to port 8080.

Understanding the comcat-users.xml file

Tomcat's user database realm uses the tomcat-users.xml file by defaut and reads the entire file into memory.

Every Servlet 2.4 web application must contain a web.xml deployment descriptor. This file must be placed in the WEB-INF directory of the web application.

However, Tomcat comes with a default web.xml in CATALINA_HOME/conf. This file is similar to a web application's web.xml file but is used to specify the default properties for all web applications that are running within this server instance.

Cryptography

Basics of web cryptography:
(1) Symmetric:
- DES - fixed length key of 56 bits.
- 3DES - fixed length key of 168 bits (112 effective)
- Blowfish - variable length key up to 448 bits. Fast and free.
- IDEA - fixed length key of 128 bits. Fast, patented, and free for non-commercial use.
- RC4 - keys can be anywhere from 1 to 2,048 bits long (40 and 128-bit key lengths are commonly used.) RC4 is very fast and in widespread use.
- AES - keys can be 128, 192, or 256 bits long. Chosen to replace DES and 3DES.

(2) Asymmetric:
- RSA (Rivest, Shamir, Adleman) - public-key cryptography system.
- DSA (Digital Signature Algorithm) -
- Eliptic Curve - a mathematically different approach to public-key encryption.

(3) Hashing:
- MD5 - produces 128-bit output from input of any length. Released as RFC-1321.
- SHA-1 - produces 160-bit output from input of any length.
- SHA-256, SHA-384, and SHA-512.

(4) Certificates:
- Self-signed certificates - useful in some instances.
- Certificates signed by a private CA - used only for inernal purposes among a limited circle of users. This is similar to employee passes.
- Certificates signed by a public CA -

(5) SSL
- SSL3.1 is the same as TLS 1.0 is defined in RFC-2246
- SSL requires one exlcusive IP address per we site.
- RFC-2817 defines a way to upgrade from non-SSL to SSL communication.

A client MAY offer to switch to secured operation during any clear
 HTTP request when an unsecured response would be acceptable:

     GET http://example.bank.com/acct_stat.html?749394889300 HTTP/1.1
     Host: example.bank.com
     Upgrade: TLS/1.0
     Connection: Upgrade

 In this case, the server MAY respond to the clear HTTP operation
 normally, OR switch to secured operation (as detailed in the next
 section).

- SSL is a hybrid protocol. Every SSL connections consists of essentially two phases:
(a) Handshake phase - during this phase, the server sends the client its certificate and the client verifies the server's identity using public-key cryptography. In some cases, the server also requires the client to have a certificate, and client verification is also performed. After server verification is complete, the client and server agree on a common set of encryption protocols and generate a set of private cryptography secret keys.
(b) Data-exchange phase - with secret keys agreed on and known to both parties, the communication resumes using fast symmetric encryption protocols until both parties agree to close down the communication channel.
- OpenSSL:
$ openssl s_client -host www.thawte.com -port 443
- to generate a private key
$ openssl genrsa -out server.key 1024
- to extract the public key from the private key
$ openssl rsa -in server.key -pubout
- to generate a certificate signing request (CSR)
$ openssl req -new -key server.key -out server.csr
- to sign your own certificate
$ openssl x509 -req -days 35 -in server.csr -signkey server.key -out server.crt


ServerName www.apachesecurity.net
DirectoryRoot /var/www/empty
RedirectPermanent / https://www.apachesecurity.net/









Named-based Virtual Hosting

MySQL Security

Managing and Using MySQL - 2nd Edition:
- Database administrators manage access to the database engine itself. They provide access to individual databases for specific applications and developers. They also make sure that a poorly designed application cannot be used as a tunnel into the data of another application.
- System administrators manage the security of the OS and hardware on which MySQL runs. Their job is to ensure that only MySQL DBAs have access to the physical files used by MySQL on a given machine.
- Database architects design the access to thea pplications to which the DBAs have granted access. A DBA, for example, may have given a web site full privileges to its database, but it is up to the database architect to ensure that only valid application users are taking advantage of those privileges.

In a production environment, a user is likely to be an application. The DBA creates a user ID and password to support the application, and database security controls how that application is allowed to interact with MySQL. The application can then pass on its rights to individual users of the application by acting on their behalves to access MySQL.

It is critical to assign a password to the MySQL root user as soon as you install MySQL.

$ mysqladmin -u root password 'password'

Note that the above command only works when the MySQL root password has not been set.

If you have two web sites using the same MySQL installation to store their data, you might create tow separate users to represent those applications. You can use these two separate user IDs to protect each application from the other.

MySQL in a chrooted Environment

Running a server in a chrooted environment greatly enhances overall system security on a Linux system. It does this by setting up an isolated environment in which files outside of a given directory are no longer accessible. That way, even if a security flaw is found in the server and exploited, the potential for damage is limited to the files in that directory, which should only be the files for that particular application.

HTML 5 Web Sockets

HTML 5 WebSockets

The HTML 5 specification introduces the Web Socket interface, which defines a full-duplex communications channel that operates over a single socket and is exposed via a JavaScript interface in HTML 5 compliant browsers.

Unlike Comet and Ajax, Web Socket is native to the browser, and only requires a single connection to maintain both upstream and downstream data to and from the browser. Note, that to support streaming over HTTP, Comet requires a long-lived connection, which is often severed by proxies and firewalls. In addition, few Comet solutions support streaming over HTTP, employing a low performance technique called "long-polling" instead.

By moving to a single, streaming channel of communications, we can overcome the inadequacies of techniques such as long-polling and "forever frames," and as a result further reduce latency.

[Constructor(in DOMString url)]
interface WebSocket {
readonly attribute DOMString URL;
// ready state
const unsigned short CONNECTING = 0;
const unsigned short OPEN = 1;
const unsigned short CLOSED = 2;
readonly attribute int readyState;
// networking
attribute EventListener onopen;
attribute EventListener onmessage;
attribute EventListener onclosed;
void postMessage(in DOMString data);
void disconnect();
};

To connect to an end-point, just create a new Web Socket instance, providing the new object with a URL that represents the end-point to which you wish to connect (See listing 2). Note that a ws:// and wss:// prefix indicate a Web Socket and a secure Web Socket connection, respectively. A Web Socket connection is established by upgrading from the HTTP protocol to the Web Socket protocol during the initial handshake between the client and the server, over the same underlying TCP/IP connection. Once established, Web Socket data frames can be sent back and forth between the client and the server in full-duplex mode. The connection itself is exposed via the onMessage and postMessage methods defined by the Web Socket interface.

var myWebSocket = new WebSocket("ws://www.websocket.org");

Before connecting to an end-point and sending a message, you can associate a series of event listeners to handle each phase of the connection life-cycle.

myWebSocket.onopen = function(evt) { alert("Connection open ..."); };
myWebSocket.onmessage = function(evt) { alert( "Received Message: " + evt.data); };
myWebSocket.onclose = function(evt) { alert("Connection closed."); };

To send a message to the server, simply call postMessage and provide the content you wish to deliver. After sending the message, call disconnect to terminate the connection.

myWebSocket.postMessage("Hello Web Socket! Goodbye Comet!");
myWebSocket.disconnect();

Firewalls and Proxies? No Problem

One of the more unique features Web Socket provides is its ability to traverse firewalls and proxies, a problem area for many Comet-enabled applications. Comet-style applications typically employ long-polling as a rudimentary line of defense against firewalls and proxies. The technique is effective, but is not well suited for applications that have sub-500 millisecond latency or high throughput requirements. Plugin-based technologies such as Adobe Flash, also provide some level of socket support, but have long been burdened with the very proxy and firewall traversal problems that Web Sockets now resolve.

A Web Socket detects the presence of a proxy server and automatically sets up a tunnel to pass through the proxy. The tunnel is established by issuing an HTTP CONNECT statement to the proxy server, which requests for the proxy server to open a TCP/IP connection to a specific host and port. Once the tunnel is set up, communication can flow unimpeded through the proxy. Since HTTP/S works in a similar fashion, secure Web Sockets over SSL can leverage the same HTTP CONNECT technique.

Any RIA, Any Time

In addition, the Web Socket protocol can be used to support a diverse set of clients (e.g. JavaScript, Adobe Flex, JavaFX, Microsoft Silverlight, etc.). However, the HTML 5 specification only defines support for JavaScript, which is limited to text-based protocols. To serve other client-types and support binary protocols you will need to look to vendor offerings.

SIP DTMF Signalling - voip-info.org

SIP DTMF Signalling - voip-info.org

There are 3 common ways of sending DTMF on SIP calls:

- SIP INFO packets

- As specially marked events in the RTP stream

- As normal audio tones in the RTP stream with no special coding or markers.

RFC-2833 defines signalling for various events:

- DTMF tones

- Fax-related tones

- Standard subscriber line tones

- Country-specific subscriber line tones

- Trunk events

NTE means Named Telephony Events. These are the events and their encoding:

Event (0-9) - encoded as 0-9 decimal

Event (*) - encoded as 10 decimal

Event (#) - encoded as 11 decimal

Event (A-D) - encoded as 12-15 decimal

Event (Flash) - encoded as 16 decimal

Etc...

DTMF delivery options in SIP

With in a VoIP conversation, DMTF tones are delivered either in-band (as a beep), or out-of-band via SIP or RTP signaling messages. 3CX Phone System supports both

In-band

Incoming stream delivers DTMF signals in-audio independently of codecs – in this case the 3CX Phone System Media Server listens to the audio stream, and will detect DTMF signals.

1. Delivery to DR or VM: Efficiency of DTMF detection depends on audio quality. Dropped packets will also reduce audio quality.
2. Delivery to some external party (typically via gateway or provider): DTMF strokes are recognized from the in-audio stream, and delivered to the external party in 2 forms – in-audio (leaving audio content unchanged) and additionally via RFC2833.
3. Delivery to MS Exchange 2007 IVR: DTMF strokes are recognized from the in-audio stream, and delivered to the external party in 2 forms – in-audio (leaving audio content unchanged) and additionally via RFC2833. Please note that since MS Exchange 2007 IVR does not provide in-audio recognition, it will only use RFC2833 delivery mechanism.

Out-of-band

Incoming stream delivers DTMF signals out-of-audio using either SIP-INFO or RFC-2833 mechanism, independently of codecs – in this case the DTMF signals are sent separately from the actual audio stream.

1. Delivery to DR or VM: These are passed through as received.
2. Delivery to some external party (typically via gateway or provider): These are passed through as received. The external party must support the corresponding delivery mechanism if DTMF strokes are to be recognized. Effectively this means that if DTMF is received with SIP-INFO, it is forwarded also as SIP-INFO. If your VoIP Provider requires RFC2833 DTMF delivery, then it will be necessary to ensure all SIP Phones are configured to deliver DTMF using RFC2833.
3. Delivery to MS Exchange 2007 IVR: These are passed through as received.

Note:

SIP-INFO is not recommended for DTMF delivery, since it cannot deliver strokes synchronously with the audio stream, introducing timing artifacts (mainly because it’s delivered using SIP, which is not a real-time mechanism for delivering media). It is very common for public services to NOT support SIP INFO, and it seems unlikely that such services will improve support for this delivery mechanism.

Cisco and RFC-2833

The following Cisco’s IP phones do not support RFC2833 DTMF-Relay:

• 7902
• 7905
• 7910
• 7912
• 7940
• 7960

All digits are sent out of band in either SCCP or SIP signaling packets depending on the phone firmware. These phones are referred to as Type A phones in the Cisco Unified Communications Manager 6.x SRND (Solution Reference Network Design) guide available at www.cisco.com/go/srnd.

New Cisco phones support RFC2833 DTMF Relay when registered with Cisco Unified Call Manager versions 5.0 and later. These phones include the following:

• 7906
• 7911
• 7941
• 7942
• 7945
• 7961
• 7962
• 7965
• 7970
• 7971
• 7975

SIP trunks in Cisco Call Manager 5.0 supports RFC2833 DTMF-Relay. RFC2833 supports is very important for multi-vendor interoperability since this is the preferred way of exchanging DTMF digits between vendors.

Call Manager 4.x used MTP (Media Termination Point) media resources to convert out of band SIP Notify DTMF messages into RFC2833 in-band (RTP) messages.

Note that Cisco's JTAPI connections used for CTI ports in CUCM only support out of band DTMF messages.

Gzip and Tar

Gzip:

1. Gzip is used to compress a file. To zip "thisfile", type gzip thisfile. You'll get a file named thisfile.gz.
2. $gzip thisfile
3. $thisfile.gz
4. To unzip thisfile.gz, type gunzip thisfile.gz.
5. $gunzip thisfile.gz
6. Gzip supports 9 levels of compression; 1 being the fastest and least compressed; 9 being the slowest and most compressed; 6 being the default. To get the best compression, use the command: gzip -9 readme

Tar:

1. Tar is used to pack the entire contents of a directory or directories into a single file called a tarball.
2. Tar preserves the entire directory organization including file ownership, permissions, links, and the directory structure.
3. The most commonly used tar functions are:

• c - create an archive
• x - extract files from an archive
• t - list the contents of an archive

• v - verbose
• f filename - use the specified file
• z - gzip/gunzip

Examples: Back |up the contents of the home directory for gemini (/home/gemini) in a tarball called a.tar on a floppy disk.

1. 
   mount /floppy
   cd /home
   tar -cvf /floppy/a.tar gemini
   
   Explanation:
   • Change to the parent of the /home/gemini directory.
   • Create a backup of gemini in the file /floppy/a.tar.
     
2. Now, check the contents of the tarball that you just created.
   
   cd /floppy
   tar -tvf a.tar
   
3. Back |up the contents of the etc directory in an archive called etc.tar . Make sure that the archive is created in your own home directory.
   
   cd /
   tar -cvf ~/etc.tar etc
   
   Explanation:
   • Change to the parent of the /etc directory.
   • Create a backup of etc in the file ~/etc.tar
     
4. Back |up and compress the contents of the home directory into the tarball home.tgz on a floppy disk.
   
   mount /floppy
   cd /
   tar -cvzf /floppy/home.tgz home
   
   Explanation:
   • change to the parent of the /home directory
   • Create a compressed backup of home in the file /floppy/home.tgz.
     
5. Now check the contents of the archive that you just created.
   
   cd /floppy
   tar -tvzf home.tgz
   
6. Unpack the archive home.tgz on your floppy.
   
   cd /floppy
   tar -xvzf home.tgz
   
   Explanation:
   • change to the /floppy directory
   • unpack and unzip the tarball home.tgz

The four principles

(1) Don’t build features that nobody needs right now

(2) Don’t write more specs than you can code

(3) Don’t write more code than you can test

(4) Don’t test more code than you can deploy

Basic principles of copyright law

Under the laws of the United States and most European countries, copyright is automatically attached to every novel expression of an idea, whether through text, sounds, or imagery. For example, your diary entries, personal letters, song lyrics, and drawings, even if they are only done in the most casual of circumstances.

Say, for example, you doodle a drawing of a fish on a piece of napkin. That drawing is copyrighted simultaneously with its creation and is your property. Your drawing cannot be copied, displayed, or exploited by any person other than you for the life of the copyright. In addition, no person other than you can create "derivative works" from the original drawing.

Note that copyright law does not protect any particular idea, just the expression of that idea. Your particular drawing of fish does not limit others to create their own expression of "fish", whether through drawing or other media.

The web and video

A key factor in the web’s success is that its core technologies such as HTML, HTTP, TCP/IP, etc. are open and freely implementable. Though video is also now core to the web experience, there is unfortunately no open and free video format that is on par with the leading commercial choices. To that end, Google is introducing WebM, a broadly-backed community effort to develop a world-class media format for the open web.

So you have HTML5, VP8 for codec, etc...

Personal Learning Environment and CloudCourse

CloudCourse is a course-scheduling tool, fully integrated with Google Calendar. CloudCourse also features approval processes, wait list management, as well as room and user profile information and can be further customized to sync the data with other internal systems.

Moodle is another Course Management System (CMS), also known as a Learning Management System (LMS) or a Virtual Learning Environment (VLE). It is a Free web application that educators can use to create effective online learning sites.

PLE is a new term that describes how we learn in the Web 2.0 context. What do mean by that? What does Web 2.0 have anything to do with PLE? Let's pause for a second to think about this.

Working with MSI

How to create an MSI installation package from scratch

(1) Install the Microsoft Windows Installer SDK. This will by default install to C:\Program Files\Windows Installer 4.5 SDK\.

(2) Browse to the C:\Program Files\Windows Installer 4.5 SDK\Tools folder and run the Orca.msi installation. Perform a complete installation of Orca. This program is used to modify .MSI files.

(3) Create a basic MSI package by merging the two sample .msi files together. From a DOS prompt, do the following:
Step 1: Copy the schema.msi file to YourNewMSI.msi file
Step 2: msimerg YourNewMSI.msi sequence.msi
Step 3: msimerg YourNewMSI.msi uisample.msi

You now have a single MSI file with basic logic and sequencing. To customize for your specific application, do the following steps:

(1) Open the YourNewMSI.msi file with Orca (right-click and select Edit with Orca).

(2) Click on the View / Summary Information menu in Orca. Change it into something relevant for your company or product, and select the platforms and languages.

(3) Run GUIDGEN to get the GUID for the ProductID for your MSI package, and make sure it's all in UPPERCASE!

(4) Go to the "Property" table, and change the ARPHELPLINK to your company website.

(5) Drop the ComponentDownload row.

(6) Add a new row for each of the following properties (case sensitive):

ALLUSERS = 1 for machine-only installations.

ProductName = Your product name

Manufacturer = Your company name

ProductCode = Use GUIDGEN to get a GUID for this product

ProductVersion = Your product version

ARPNOMODIFY = 1 (to disable the "Modify" button in Add/Remove Programs.)

ARPNOREMOVE = 1 (to disable the "Remove" button.)

You need to create at least 1 feature and 1 component. Do the following:

(7) Go to the "Feature" table

You need to create at least 1 feature and 1 component before you can run/use the MSI:

Go to the "Feature" table and create a new record:
Feature = Complete
Parent =
Title = Complete
Description = Complete installation
Display = 1 (=displayed expanded in the featurelist)
Level = 1
Directory = TARGETDIR
Attributes = 0

Now we need to add the registry key we'd like to install. Go to the Registry table,
and create a new record:

Registry = REG00001
Root = -1 (= Depend on the value of the ALLUSERS property.
            You can also use 0=HKCR, 1=HKCU, 2=HKLM, 3=HKEY_USERS)
Key = SOFTWARE\[Manufacturer]\[ProductName]
Name = ProductName
Value = [ProductName] [ProductVersion]
Component = COMP0001

Note: Using [propertyname] means it should use the named property's value.

Now we need to create the COMP0001 component we just referenced:

Go to the Components table and create a new record:
Component = COMP0001
ComponentID = (Run GUIDGEN to get a GUID - make sure it's in UPPERCASE)
Directory = TARGETDIR
Attribute = 4 (4= registry, 0 = files to be installed locally)
Condition =
Keypath = REG00001

Now we can connect this component to the "Complete" feature:

Go to the FeatureComponents table and create a new record:
Feature = Complete
Component = COMP0001

Now, we need to have a single record in the Directory table before the installation can be done.
This is because of the special handling of the TARGETDIR property, which has to be resolved.

Create a new record in the Directory table:
Directory = TARGETDIR
Directory_parent = (leave blank (null) or use TARGETDIR)
Value = SourceDir

Tip: Change the LicenseAgreementDlg record (text field) in the Controls table to include your license text.

Tip: Use the Tools | Validate menu option in Orca to make sure you have entered all the data properly.

You should now be able to install your MSI package (only a registry key, but a good start :). Make sure the installation and removal can be completed, and that the ARP (Add / Remove Programs) info is as expected. Use RegEdit to see that the registry key was installed properly, and is removed when uninstalling.

Installing MSI packages silently using command lines

You can create a small command file to install the MSI package silently (not going through all the dialogs) ; this makes it easier and faster to perform tests of the actual installations once the user interface has been tested.

Create the following two small text files in your project folder:

To install silently, no prompts, no logging:

Install.cmd:
MsiExec /i "MyMSI.msi" /Qb-!

Uninstall.cmd:
MsiExec /X "MyMSI.msi" /Qb-!

To install silently with a success/failed dialog in the end, and logging enabled:

Install.cmd:
MsiExec /i "MyMSI.msi" /L*v "c:\temp\MyMSI_i.log" /Qb+

Uninstall.cmd:
MsiExec /X "MyMSI.msi" /L*v "c:\temp\MyMSI_x.log" /Qb+

Please make sure you have a C:\temp directory, and have write access to it.

You can now doubleclick on the install.cmd or uninstall.cmd to quickly install or remove your software package.

Tip: Make sure you include the redistributable setup files for MSI for Win9x / NT on your website, some people might now have the Windows Installer technology installed. They can be found in C:\Program Files\MsiIntel.SDK\Redist\.

Expanding the installation package

Naturally, installing a registry is not as important as installing files - but it's vital to have the basics in order. If your MSI is now fully working, you can continue with adding files to be installed.

For each of your following MSI projects, remember to copy your basic MSI and then open it with Orca and change the ProductID in the summary information and the ProductCode property to some unique UPPERCASE GUID numbers for this package.

Adding file(s) to the installer

Create a directory structure under your project source directory that matches the target folder structure. For each directory you have listed, a subdirectory with the same name must exist in the source tree. In most cases this means you would have a Program Files\Your Company Name\Your Product Name\ subfolder in the root of the source tree.

The files you want to install must be found in the directory they should be installed to (by default relative to the source root, and the installation target base path). So if you install YourApplication.exe to C:\Program Files\MyCompany\MyProduct\, you should have a Program Files\MyCompany\MyProduct\YourApplication.exe under the root of your source tree.

Create the following properties in the directory table:

(Use Directory_Parent=TARGETDIR, DefaultDir=.)
SystemFolder
ProgramMenuFolder
PersonalFolder
ProgramFilesFolder
DesktopFolder
StartMenuFolder

These are automatically resolved during install. See "System Folder Properties" in the help file (link from under Directory table help).

Create the target installation directory records:

DIR00001, parent=ProgramFilesFolder, DefaultDir=.:PROGRA~1|Program Files
DIR00002, parent=DIR00001, Defaultdir=Spinne~1|Spinner Software

Tip: The Defaultdir uses the format targetdir:sourcedir, optionally short | long filenames. The "." means the value used in the directory_parent field is the resolved target path (so no subdirectory is created with the defaultvalue name). So while DIR00001 resolves to the ProgramFilesFolder value (and expects a Program Files subdirectory in the source tree), DIR00001 creates a Spinner Software subdirectory under the resolved DIR00001 parent (and expects one in the source tree as well). This essentially allows you to have multiple source directories that all resolve to the same target during installation.

Go to the Files table, and create a new entry record. In this example we'll install Notepad.exe:

File=FILE0001, Component=COMP0002, Filename=Notepad.exe, Filesize=0, Attributes=0, Sequence=1.

If a file is Vital to the proper functioning of the application, use Attributes = 512.

Create a new component to hold your file. Go to the Components table and add a new record:

COMP0002, attributes = 0, directory = DIR00002, Keypath=FILE0001.
Use GUIDGEN to get the component ID.

When you set the directory field for Component COMP0002 to use DIR00002, Notepad.exe (FILE0001 pointed to by the keypath) file will be installed into C:\Program Files\Spinner Software\.

Create a new record in the FeatureComponents table:

Feature=Complete, Component=COMP0002.

Create a record in the Media table with DiskID=1, LastSequence=1 (highest Sequence number in File table).

Save the MSI, then open a command prompt and run the following command in the project folder:

CScript //nologo wifilver.vbs mymsi.msi

This will show you the information found in the File table.

Now update it with the latest file information (found from the source tree):

CScript //nologo wifilver.vbs mymsi.msi /U

Your MSI file is now ready to install both registry keys and files :).

Adding a shortcut

Create new records in the Directory table for the shortcuts:

DIR00003, parent=StartMenuFolder or ProgramMenuFolder, defaultdir=.
DIR00004, parent=DIR00003,
  defaultdir=Spinne~1|Spinner Software
  (or whatever name you want in your start menu, in short | long file name format)
DIR00005, parent=DesktopFolder, defaultdir=.

Create a new record in the Icon table:

Name=ICON0001.exe, Data = full path to the exe file in the source tree
(this will be read in automatically and the icon stored).

Create new records in the Shortcuts table:

Shortcut=SCUT0001, Directory=DIR00004, Name=Notepad,
Component=COMP0002, Target=Complete, Description=Notepad,
Icon=ICON0001.exe, IconIndex=0 or 1, ShowCmd=1.

For the Desktop shortcut, copy/paste the row, then change the keyname
and the directory from DIR00004 to DIR00005:

Shortcut=SCUT0002, Directory=DIR00005, Name=Notepad,
Component=COMP0002, Target=Complete, Description=Notepad,
Icon=ICON0001.exe, IconIndex=0 or 1, ShowCmd=1.

Note that there's a bug, so the extension (file type) of the Icon field must match the target file extension. Hence, name it ICON0001.exe. Please note the value of this field is Case Sensitive.

Validate your project, then run a test. You should now have a shortcut on the users desktop, and under the Spinner Software folder in the Start Menu | Programs menu.

Compressing the MSI into a single file

For this you need the WiMakCab.vbs script from C:\Program Files\MsiIntel.SDK\Samples\Scripts. Copy it to your project folder.

Run the following command to create a cabinet file with all the files listed in MyMSI.MSI :

cscript //nologo wimakcab.vbs mymsi.msi MyCabinet /C

The most useful option for this script is the ability to create a single MSI file that contains everything. This is the kind of file you want to distribute.

Run the following command to create a cabinet file containing all your files, sequence the File table, update the MyMSI.MSI file to include the new cabinet file, and enable the "Compressed" option:

cscript //nologo wimakcab.vbs mymsi.msi MyCabinet /C /U /E /S

Note that 4 MyCabinet.* files are created: The actual cabinet file (.CAB), the .DDF is a definition of the content of the CAB file, and the .INF file lists the files in the cabinet. The .RPT file is just a text report on the success of the cabinet creation. All 4 files can be deleted after you've used the /C /U /E /S options, since your files are now streamed inside the single MSI file.

Tip: If you have problems creating the cab file, check the File Table records. The WiMakCab.vbs script only handles File Table records where the NonCompressed bit is cleared in the Attributes field. There is also a problem with MakeCab.exe under Windows 2000 : if a file has the NonCompressed bit set and you update the MSI to use a single compressed file (with a built in cabinet), this flag is not removed, and the package will not install properly. You'll get an error that the file to install could not be found. You can fix this in the WiMakCab script by adding the following lines :

 ' In the top of WiMakCab, add the msidbFileAttributesCompressed flag
 Const msidbFileAttributescompressed = &h00004000

 ' Right before the statement (search wimakcab for it):
 '   If (attributes And msidbFileAttributesNoncompressed) = 0 Then
 ' you can insert the following block of code:

 ' MakeCab does not change the NonCompressed / Compressed flag!!
 If (attributes And msidbFileAttributesNoncompressed) <> 0 Then
  WScript.Echo "File " & filename & " is marked non-compressed. Changing attribute."
  attributes = (attributes - msidbFileAttributesNonCompressed)

  ' To be really nice, you could set it to the proper value:
  attributes = (attributes + msidbFileAttributesCompressed)

  ' Update the field (the record will be updated later)
  record.IntegerData(5) = attributes
 End If

I found it useful to create a little command script to create the compressed MSI. I update the files in the source tree, then run this command file to create a new, single (compressed) MSI for distribution. It expects a file named Input.msi, and creates the file Output.msi.

CreateMSI.cmd:
@ECHO OFF
@ECHO.
@ECHO Updating MSI file with new files
@ECHO.

@ECHO Remove target output file
DEL /Q "Output.msi"

@ECHO Update MSI information from source tree
CScript //nologo WiFilVer.vbs Input.msi
CScript //nologo WiFilVer.vbs Input.msi /U

@ECHO Copy original file to new output file
COPY /Y "Input.msi" "Output.msi"

REM @ECHO Create a single cabinet file with all your files
REM CScript //nologo WiMakCab.vbs "Output.msi" Files /C

@ECHO Create and embed the file cabinet
CScript //nologo WiMakCab.vbs "Output.msi" Files /C /U /E /S

DEL /Q "Files.CAB"
DEL /Q "Files.INF"
DEL /Q "Files.RPT"
DEL /Q "Files.DDF"

@ECHO Done
PAUSE

Part 2 - Custom Actions:

Continue to -> How to create MSI Custom Actions

(c) 2004 Nicolai Kjaer, Spinner Software B.V.

CDMA vs GSM

- CDMA: Verizon, Sprint PCS, and Virgin Mobile. 270 million subscribers worldwide.
- GSM: AT&T Wireless, T-Mobile USA. 1 billion subscribers worldwide.

International Roaming: GSM yes. CDMA no.

SIM cards: GSM yes. SIM's are not tied to the network but the actual phone. SIM allows phones to be instantly activated without carrier intervention. CDMA has R-UIM card in parts of Asia but not in USA.

Speed: CDMA is faster. CDMA2000 (or EVDO) allows downstream rate of 2 Mbps. GSM EDGE boasts 384 Kbps.

3G and WiMAX

What are the advantages and disadvantages of each?

Android vs Maemo

“Don’t let the noise of others’ opinions drown out your own inner voice.” -Steve Jobs

Technically, both Maemo and Android run on Linux kernels. However, Maemo is a full Linux distro, based on Debian, while Android is a sole kernel with a few programs on top of it (namely, Dalvik virtual machine and Sqlite database). On Adnroid all applications run within Dalvik virtual machine, which is heavily optimized and modified version of Java virtual machine (JVM).

Understanding Mobile Application Development - Part 1

"I don't know the key to success, but the key to failure is trying to please every body" -Bill Crosby.

Employees are increasingly working away from their offices and require access to corporate data normally found only on PC's connected to enterprise networks. As such, companies are looking for ways to support this trend. According to InformationWeek, of the 695 business technology professionals responding to their November 2009 InformationWeek Analytics Application Mobilization Survey, 42% say their organizations have deployed mobile applications on smartphones; an additional 11% say they’ll do so within the next 12 months. Six percent have up to a 24-month window. Just 23% say they have no plans to deploy.

One caveat: Only 21% of the 535 respondents currently deploying or planning to deploy mobile apps on smartphones indicate widespread programs throughout their organizations, compared with 42% pointing to department-specific rollouts. So it seems while companies recognize the important of supporting an increasingly mobile workforce, they're reluctant to implement widespread programs.

What does "mobile" mean?

First you have a desktop PC. While it is relatively compact, is not really mobile. Your laptop, while mobile relative to a desktop, retains the same basic physical requirements as a desktop: horizontal surface, room for keyboard and screen, the use of two hands, etc.

Your mobile device, however, represents a significant divergent in the evolution of portable personal computing. You are no longer restricted to a limited set of movements and positions - not to mention the use of two hands - in order to interact with your device. In essence, the truly mobile device is an extension of you and not visa-versa.

It is no wonder that there is a great variety of different mobile devices with different capabilities, features and restrictions. Mobile devices may have different technical capabilities (such as amount of available memory, resolution and size of the display, network connectivity options, support for different standards and interfaces, and different operating system versions); cell phone operators may require operator-specific device variants; and there can be a need for language-specific variants for different global markets.

Because of the many technical limitations of the mobile device, there are many new complexities developers must deal with. For a mobile device to connect to the same reservoir of data as a desktop PC, the mobile phone must first connect over a an older, slower GPRS, or perhaps via a newer, faster G3 or EDGE connection, and once the connection has been achieved, it must be sustained as the user moves through the coverage matrix of a given carrier. As a result, mobile devices are severely limited in terms of bandwidth. Furthermore, the miniaturized view-port adds yet another restriction on the data that may be accessed by a mobile device.

---
Globally, mobile devices outnumber computers 20-1. In 2006, according to AMR, Nokia alone were selling on average 11-12 phones a second (http://news.softpedia.com/news/11-12-Nokia-Phones-Are-Sold-at-Every-Second-56267.shtml).

When we examine the technical hurdles faced by a mobile device in connecting to the very same reservoir of data as a desktop or laptop PC, we are quickly struck by the nearly miraculous nature of the connection. The mobile phone must first connect over a less powerful network (be it an older, slower GPRS, or perhaps via a newer, faster G3 or EDGE connection,) and once the connection has been achieved, it must be sustained through a nearly balletic transference of the call from cell-tower to cell-tower as the user moves through the coverage matrix of a given carrier. As a result, mobile devices are severely limited in terms of bandwidth. Furthermore, the miniaturized view-port adds yet another restriction on the data that may be accessed by a mobile device.

Audience is key

When designing any product, website or not, knowing your audience is key. What do they want? Someone browsing your mobile site has very different needs and expectations from a desktop customer. Mobile users are limited by their device and are not, for example, accessing your site in order to download a large PDF or browse videos by their favorite band. So what, then, are the core motivations that would bring someone to your mobile site? Fortunately Google has been focusing on this question for quite some time and their research has revealed that there are three primary types of mobile user.

When designing for the mobile web, it is useful - indeed, essential - to keep the following three categories of mobile web surfers in mind. Your central question should be "which group or groups are most likely to access my mobile website?" Once this question has been answered, you can begin to focus on creating the site's architecture accordingly.

The challenges

In general, a major challenge for mobile application development is the great variety of different target devices with different capabilities, features and restrictions. Devices may inherently have different technical capabilities (such as amount of available memory, resolution and size of the display, network connectivity options, support for different standards and interfaces, and different operating system versions); cell phone operators may require operator-specific device variants; and there can be a need for language-specific variants for different global markets.

The approaches

Developing and managing a wide variety of application variants demands extra effort in mobile environment. There are two main approaches:

• Developing the application so that it is adjustable and scalable to a wide variety of devices from the beginning. The drawback of this approach can be that the initial development effort is more significant. Typically, it is preferred to have a flexible, adjustable, and scalable application architecture. The initial effort pays off sooner or later, and is an investment in the future.

• Developing the application so that it is targeted to a narrow number of similar target devices. While the initial development time may be shorter, the drawback is that the post-production phases and variant creation is typically more difficult. This approach can be beneficial in certain cases, for example when developing enterprise applications where the device portfolio is easily controlled and limited, making the need for creating variants lower or even completely unnecessary.

Why do we need a element?

Until now, if you wanted to include video in a web page, you had to wrangle some fairly cryptic markup. Here's an example, taken directly from YouTube:

First of all, we have an