7/16/2007

How not to get hacked

It's important to know how not to get hacked. The following details the layers of security you can place on your wireless network, as well as the effectiveness of each layer.
In some ways, securing a network is like the security on your home:
  • Leave the front door wide open. Seen by curious honest people and criminals alike as an open invitation to enter. See, it even says ‘Welcome’ on the doormat!
  • Shut the front door. This will keep out an honest person, but a crook wouldn’t be deterred, as they’ll walk right up and try the handle.
  • Lock the front door. This will again keep out the opportunist thief, who will only try the door handle or climb in an open window to see if he can get in. Luckily most criminals fall into this category, so lock your door!
  • Bolt the door with deadbolts, bars on the windows, and alarms. It takes a lot more to keep out the determined criminal who, with a little equipment and know-how, might pick the lock, disable your alarm, or break your whole door down!
Wireless security falls into the same categories:

Leaving the door open: an open invitation
  • Broadcasting a default SSID
  • No MAC filtering
  • No encryption
  • DHCP switched on/No access controls
Shutting the door:
  • Changing the SSID (the name) of your network and disabling SSID broadcast. The determined hacker can discover this, so it merely protects you from the opportunist who’s in a hurry.
  • Disabling DHCP/Access Control. This will not stop a hacker with even minimal knowledge, as there are many tools which will sniff out available IP addresses on your network.
  • MAC address filtering. A hacker with only a little know-how will be able to clone your MAC address--and see everything you see on your network.
Locking the door
  • WEP: Wireless Encryption Protocol can be hacked in seconds using free tools that are widely available.
Bolting the door

WPA: A randomized pre-shared key of at least 10 characters would take half-a-million years to crack. More info about this here. (Note: A random key means that it shouldn’t be a word that exists in any dictionary. Hackers have extensive dictionaries that include all common passwords, English words, nicknames, and misspellings of words; trying every entry in such a list is called a “dictionary attack.” A random key is a meaningless mix of lower- and uppercase letters and numbers, and sometimes special characters like punctuation, depending on whether your router supports it.) If you’re not sure how to get a random key, you can generate a simple WPA key online on this Web site or a more complex one here. You can also get software that will generate a key for you (type “software generate wpa key” into your favorite search engine).
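To make the idea of a random key concrete, here is an added Python example (not from the original post) that draws a WPA pre-shared key from the operating system's cryptographically secure random source, reports how many bits of entropy a key of that length carries, and flags keys that are dictionary words or trivial variants of them. The tiny wordlist is a constructed stand-in for the large lists the post describes, and the 10-to-63 character limits follow the post's advice and the WPA passphrase length rules.

```python
import math
import secrets
import string

# Alphabets a key is drawn from. Punctuation is optional because not every
# router accepts it, as the post notes.
ALPHABET = string.ascii_letters + string.digits
ALPHABET_WITH_PUNCT = ALPHABET + string.punctuation

# Constructed, deliberately tiny stand-in for the large wordlists the post describes.
SAMPLE_DICTIONARY = {"password", "welcome", "letmein", "monkey", "dragon"}


def generate_psk(length: int = 20, allow_punctuation: bool = False) -> str:
    """Build a WPA pre-shared key from the OS CSPRNG via the secrets module.

    WPA passphrases are 8 to 63 ASCII characters; the post recommends at least
    10 random ones, so shorter requests are refused here.
    """
    if not 10 <= length <= 63:
        raise ValueError("length must be between 10 and 63 characters")
    alphabet = ALPHABET_WITH_PUNCT if allow_punctuation else ALPHABET
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(key: str, allow_punctuation: bool = False) -> float:
    """Entropy in bits, assuming each character was chosen uniformly from the alphabet."""
    alphabet = ALPHABET_WITH_PUNCT if allow_punctuation else ALPHABET
    return len(key) * math.log2(len(alphabet))


def looks_like_dictionary_word(key: str, dictionary=SAMPLE_DICTIONARY) -> bool:
    """True if the key is a dictionary entry, ignoring case and trailing digits
    (the kind of trivial variant a dictionary attack also tries)."""
    lowered = key.lower()
    return lowered in dictionary or lowered.rstrip(string.digits) in dictionary


def assess(key: str, dictionary=SAMPLE_DICTIONARY) -> dict:
    """Summarise whether a candidate key meets the post's advice."""
    return {
        "length_ok": len(key) >= 10,
        "dictionary_word": looks_like_dictionary_word(key, dictionary),
        # Upper bound only: a non-random key never reaches this figure.
        "max_entropy_bits": round(entropy_bits(key), 1),
    }


if __name__ == "__main__":
    key = generate_psk(20)
    print(key, assess(key))
    print("Password123", assess("Password123"))
```

A 20-character key from the 62-character alphabet is about 119 bits of entropy; the dictionary check exists because a memorable word with digits appended looks long but is still found by a wordlist attack.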

It’s best to build up each type of security in layers, checking that all devices can connect and communicate at each step before adding another layer. Make sure you read your router’s manual to ensure you’re storing the settings correctly (some routers require you to save the settings each time you make a change or the changes will be lost).

6/15/2007

Firewall

What is a firewall?
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another, just like fire doors or firewalls in a building.

What does a firewall do?
A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, FTP or telnet. Firewalls can also filter traffic by packet attribute or state.

What can't a firewall do?
A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp., the group did not use any high-tech methods such as IP spoofing. They used a combination of social engineering and dumpster diving. Social engineering involves skills not unlike those of a confidence trickster: people are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests, is just plain old looking through company trash. Firewalls cannot be effective against either of these techniques.

Who needs a firewall?
Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

How does a firewall work?
There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.

What are the OSI and TCP/IP Network models?
To understand how firewalls work it helps to understand how the different layers of a network interact. Network architecture is designed around a seven layer model. Each layer has its own set of responsibilities, and handles them in a well-defined manner. This enables networks to mix and match network protocols and physical supports. In a given network, a single protocol can travel over more than one physical support (layer one) because the physical layer has been dissociated from the protocol layers (layers three to seven). Similarly, a single physical cable can carry more than one protocol. The TCP/IP model is older than the OSI industry standard model which is why it does not comply in every respect. The first four layers are so closely analogous to OSI layers however that interoperability is a day to day reality.
Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access.
It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.
Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.
According to Byte Magazine, traditional firewall technology is susceptible to misconfiguration on non-hardened OSes. More recently, however, "...firewalls have moved down the protocol stack so far that the OS doesn't have to do much more than act as a bootstrap loader, file system and GUI". The author goes on to state that newer firewall code bypasses the operating system's IP layer altogether, never permitting "potentially hostile traffic to make its way up the protocol stack to applications running on the system".

What different types of firewalls are there?
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls. Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule-based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any FTP, gopher, telnet or other traffic through. Because they examine packets at the application layer, they can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which know anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.
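The following Python example is added here and is not from the original article. It is a toy packet filter that shows the two access denial methodologies (default-allow versus default-deny) with rules keyed on source and destination address, protocol and port, plus the minimal session table a stateful filter keeps so that replies to connections it already admitted get back in. The rule base, addresses and ports are constructed sample data drawn from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp" or "udp"
    sport: int      # source port
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # source network (CIDR); default matches anything
    dst: str = "0.0.0.0/0"          # destination network (CIDR)
    proto: str = "any"              # "tcp", "udp" or "any"
    dport: Optional[int] = None     # destination port; None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class StatefulFilter:
    """Packet filter with a configurable default policy and a session table."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = rules
        self.default = default      # what happens when no rule matches
        self.sessions = set()       # 5-tuples of connections already admitted

    def decide(self, pkt: Packet) -> str:
        # Reply traffic for an admitted session is let back in without re-checking rules.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.sessions:
            return "allow"
        # First matching rule wins; fall through to the default policy otherwise.
        action = self.default
        for rule in self.rules:
            if rule.matches(pkt):
                action = rule.action
                break
        if action == "allow":
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


# Constructed rule base: the LAN 10.0.0.0/8 may browse the web, and anyone may
# reach the mail server 192.0.2.10 on port 25. These are documentation addresses.
RULES = [
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=80),
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443),
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=25),
]

# Constructed sample traffic, in arrival order.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", "198.51.100.7", "tcp", 40000, 443),   # LAN host opens HTTPS
    Packet("198.51.100.7", "10.0.0.5", "tcp", 443, 40000),   # the HTTPS reply
    Packet("198.51.100.7", "10.0.0.5", "tcp", 12345, 445),   # unsolicited SMB probe
    Packet("203.0.113.9", "192.0.2.10", "tcp", 5555, 25),    # inbound mail delivery
    Packet("10.0.0.5", "198.51.100.7", "tcp", 40001, 23),    # LAN host tries telnet out
]


def decisions(default: str) -> List[str]:
    """Run the sample traffic through a filter with the given default policy."""
    fw = StatefulFilter(RULES, default=default)
    return [fw.decide(pkt) for pkt in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default-{policy}:", decisions(policy))
```

With default-deny, the unsolicited SMB probe and the outbound telnet attempt are both stopped while the HTTPS reply is admitted because of the session entry; with default-allow and the same three rules every packet passes, which is why the deny-by-default methodology is the one that actually enforces the rule base.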

Is a firewall sufficient to secure my network or do I need anything else?
The firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity (has it been modified?), service or application integrity (is the service available, and is it performing to spec?), data confidentiality (has anyone seen it?) and authentication (are they really who they say they are?). Firewalls only address the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall. It is therefore necessary for an organization to have a well planned and strictly implemented security program that includes but is not limited to firewall protection.

What is IP spoofing?
Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.
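As an added example (not the article's own code), the Python below shows two defensive checks that bear on the weakness just described: an ingress sanity check that refuses a packet whose claimed source address belongs to the wrong side of the firewall, and an HMAC over the source address and payload as a simplified stand-in for the integrity check a VPN performs before trusting a packet's source. The key, the internal address ranges and the sample packets are constructed for the example; a real VPN derives its keys from a key exchange and also encrypts the packet.

```python
import hashlib
import hmac
from ipaddress import ip_address, ip_network

# Constructed: address ranges that live behind the firewall.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def ingress_ok(interface: str, src: str) -> bool:
    """Anti-spoofing sanity check on the claimed source address.

    A packet arriving on the external interface cannot legitimately carry an
    internal source address, and one arriving on the internal interface cannot
    legitimately carry an external one.
    """
    internal_src = is_internal(src)
    if interface == "external":
        return not internal_src
    if interface == "internal":
        return internal_src
    raise ValueError(f"unknown interface {interface!r}")


def seal(key: bytes, src: str, payload: bytes) -> dict:
    """Attach an HMAC-SHA256 tag that binds the source address to the payload.

    Constructed stand-in for the integrity check a VPN such as IPsec performs;
    it authenticates but does not encrypt.
    """
    tag = hmac.new(key, src.encode() + b"|" + payload, hashlib.sha256).hexdigest()
    return {"src": src, "payload": payload, "tag": tag}


def verify(key: bytes, pkt: dict) -> bool:
    """Recompute the tag; any change to the source address or payload fails the check."""
    expected = hmac.new(key, pkt["src"].encode() + b"|" + pkt["payload"],
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, pkt["tag"])


def accept(key: bytes, interface: str, pkt: dict) -> bool:
    """Accept only if the source is plausible for the interface and the tag verifies."""
    return ingress_ok(interface, pkt["src"]) and verify(key, pkt)


if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed; not how real VPN keys are made
    good = seal(key, "10.0.0.5", b"GET /report")
    altered = dict(good, src="10.0.0.7")     # source address changed after sealing
    print(accept(key, "internal", good))     # True
    print(accept(key, "internal", altered))  # False: the tag no longer matches
    print(accept(key, "external", good))     # False: internal source on the external side
```

The ingress check alone already defeats the simplest case, a packet from outside claiming an inside address; the keyed tag covers the case the article describes, where an address that is plausible on its face has been substituted, because without the key nothing can produce a matching tag.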

Firewall related problems:

  • Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on.
  • Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations.

Benefits of a firewall:

  • Firewalls protect private local area networks from hostile intrusion from the Internet. Consequently, many LANs are now connected to the Internet where Internet connectivity would otherwise have been too great a risk.
  • Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.
Thanks Ayub for sending me this post.

6/11/2007

Microsoft Excel formulas

Following are the most asked questions of microsoft excel. I hope you'll find it worthwhile.

Excel settings:
  • When I enter a value, it appears with two decimal places. For example, when I enter 154 it shows up as 1.54. What's wrong?
    Somehow Excel's fixed-decimal mode was turned on. To return to normal select Tools » Options » Edit » remove the check mark from the Fixed decimal option.
  • Can I change the color of the worksheet tabs in my workbook?
    No. It would certainly be helpful to be able to color-code your worksheet tabs. Microsoft hasn't implemented this feature (please check this feature in Microsoft Office Live. I heard it's available in this new version of Office, though I'm not sure), which has been available in 1-2-3 and Quattro Pro for quite a while.
  • I saved my workbook with a password, but Excel doesn't recognize it and won't let me open the file. Am I out of luck?
    Passwords are case sensitive. So if you originally entered your password as Xyzzy then typing xyzzy won't work. If you are entering the password correctly then it's time to start looking for a password recovery utility. Several utilities exist and some of them are free. Google search for Excel password recovery and you'll find several products that will come to the rescue. These products might raise some alarms for the security minded.
    Bottom line?
    Excel password protection isn't as secure as you might expect.
  • How can I increase the number of rows or columns in a worksheet?
    Every workbook in Excel has 255 columns and 65,526 rows. These values are fixed and cannot be changed. If you need more rows use Microsoft Access or latest version of Excel also known as Microsoft Excel Online.

Formulas and Functions:

  • Is there a function that returns the name of the worksheet?
    Excel's CELL function comes close. The following formula displays the workbook's full path along with the worksheet name:
    =CELL("filename")
    For example this formula might return something like:
    C:\Windows\Desktop\[Budget.xls]Sheet2
    Returning only the sheet name requires a more complex formula:
    =MID(CELL("filename"), FIND("]",CELL("filename"))+1, LEN(CELL("filename"))-FIND("]", CELL("filename")))
  • I have a price list stored in a worksheet and I need to increase all prices by 5 percent. Can I do this without re-entering all the prices?
    Excel provides two ways. The traditional technique goes something like this...
    Insert or find a blank column near the prices.
    In that column's first cell enter a formula to multiply the price in that row by 1.05.
    Copy the formula down the column.
    Then select and copy the entire column of formulas, select the original prices and choose Edit » Paste Special » select Values to overwrite the original prices with the formulas results.
    And finally delete the column of formulas.
    Another more efficient approach also uses the Paste Special dialog box.
    To increase a range of values (prices in this example) by 5 percent enter 1.05 into any blank cell.
    Select the cell and choose Edit » Copy.
    Then select the range of values and choose Edit » Paste Special.
    Choose the Multiply option and click OK.
    Then delete the cell that contains the 1.05.
  • I've created some clever formulas and I don't want anyone else to see them. Is it possible to hide the formulas but display the results?
    Every cell has two key properties: locked and hidden.
    A locked cell can't be changed and the contents of a hidden cell don't appear in the formula bar when the cell is selected.
    By default every cell is locked and not hidden. But it's important to remember that these attributes have no effect unless the worksheet itself is protected.
    To change the attributes select the appropriate cell or range and then choose Format » Cells » Protection » Locked or Hidden (or both).
    Unlock cells that accept user input and lock formula and other cells that should stay unchanged (such as titles).
    To prevent others from seeing your formulas lock and hide the formula cells. The results of the formulas will be visible but the formulas will not.
    To protect the worksheet choose Tools » Protection » Protect Sheet. Make sure the Contents box is checked. Enter a password to prevent others from unprotecting the sheet. Locked cells in a protected sheet cannot be edited and changes are disabled.
  • Can I write a formula that returns the number of distinct entries in a range?
    Say we're hunting for a formula that, given the range 100, 99, 98, 100, 98, 100, 98, would return 3. This type of counting requires an array formula. For example, the following formula counts the number of distinct entries in the range A1:D100.
    =SUM(1/COUNTIF(A1:D100, A1:D100))
    When you enter this formula you must press Ctrl-Shift-Enter.
    Pressing only Enter will give you the wrong result.
    Excel will place brackets around the formula to remind you that you've created an array formula.
    The preceding formula works fine in many cases but it will return an error if the range contains any blank cells.
    The formula below with Ctrl-Shift-Enter is more complex but it will handle a range that contains a blank cell.
    =SUM(IF(COUNTIF(A1:D100,A1:D100)=0, "", 1/COUNTIF(A1:D100,A1:D100)))

Thanks Ayub for sending me this great finding. Also thanks Imageshack for hosting the above images for free.

6/10/2007

Excel Tricks

Writing this set of tricks, I found more than 600 relevant blogs and sites with the help of Google. Not all of them are different, but some have incredible code which empowers you to control Excel in a very easy way and in full. Some of the code and tricks are given below; I hope they will help you save time and increase your productivity.

When I open a workbook Excel asks if I want to update the links. I've looked everywhere, and I can't find any links in my formulas!

  • I've never known Excel to be wrong about identifying links, so there's an excellent chance your workbook does contain one or more links but they are probably not formula links.
  • If you have a chart in your workbook, click each data series in the chart and examine the Series formula in the formula bar. If the formula refers to another workbook, you've identified the link. To eliminate it, move the chart's data into the current workbook and recreate your chart. If your workbook contains any dialog sheets, then select each object in each dialog box and examine the formula bar. If any object contains a reference to another workbook, just edit or delete that reference. And if these two approaches don't solve your problem, simply follow the following steps...
  • Step 1:
    Select Edit » Links. The link dialog box will appear.
    (In some cases, this command is not available. If you can't select it just skip to step 4.)
  • Step 2:
    Click the Change Source button and change the link to the active file.
  • Step 3:
    Select Insert » Name » Define. Scroll down the list in the Define Name dialog box and examine the Refers to box. Delete names that refer to another workbook or that contain an erroneous reference (such as #REF!). This is the most common cause of phantom links.
  • Step 4:
    Save your workbook. When you re-open it, Excel won't ask you to update links! Simple!!

How can I make text in a cell display in multiple lines?
When entering text into the cell, press Alt-Enter to insert a line break.
When you do so, Excel will automatically apply text wrapping to the cell.
To re-format existing cells so they sport wrapped text, select the Cells and choose Format » Cells. On the Alignment tab select Wrap text and click OK.

Sometimes my formulas do not get fully calculated. This often happens when I use custom functions created with Visual Basic.
Microsoft has acknowledged some problems with the Excel calculation engine. In order to be assured that all of your formulas have been calculated press Ctrl-Alt-F9 to force a complete recalculation.

Dates and times:

How can I calculate the difference between two dates?
Excel stores dates as serial numbers. The number 1 represents 1st January 1900, the number 2 represents 2nd January 1900 and so on. Formatting these numbers using a date format causes them to appear as actual dates. Therefore, if you have dates stored in two cells, you can simply create a formula that subtracts one from the other to get the number of intervening days. You'll want to make sure that the formula cell is formatted as a number, not a date. The DATEDIF function, which was not documented prior to Excel 2000, returns the difference between two dates expressed in years, months or days.
Excel's DATEDIF function takes three arguments. Its syntax is:
=DATEDIF (start_date, end_date, units)
In the syntax, start_date is a date or reference to a date... end_date is a date or reference to a date... and units is a one- or two-character string (in double quotes) specifying the units for the difference between the two dates.
Acceptable values for the units argument are shown below...

  • y returns the number of full years in the period.
  • m returns the number of full months in the period.
  • d returns the number of full days in the period.
  • md returns the number of full days in excess of the last full month.
  • ym returns the number of full months in excess of the last full year.
  • yd returns the number of full days in excess of the last full year.
    For example, assume cells A1 and B1 contain dates. The formula below returns the number of full years between the dates (useful for calculating a person's age):
    =DATEDIF(A1,B1,"y")
    The formula below calculates the number of full months between the two dates:
    =DATEDIF(A1,B1,"m")
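To make the six unit codes concrete, here is an added Python re-implementation of the DATEDIF semantics listed above (not from the post, and not Excel's own code). It follows the definitions given here: full years and full months are counted only once the anniversary has actually passed, and the "md", "ym" and "yd" codes return what is left over after the full months or years are removed. Month arithmetic clamps the day to the target month's length, so 31 January plus one month lands on the last day of February.

```python
import calendar
from datetime import date


def add_months(d: date, n: int) -> date:
    """Move d forward n months, clamping the day to the target month's length."""
    total = d.year * 12 + (d.month - 1) + n
    year, month0 = divmod(total, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))


def full_months(start: date, end: date) -> int:
    """Number of complete months between start and end."""
    months = (end.year - start.year) * 12 + (end.month - start.month)
    if add_months(start, months) > end:   # the last month is not yet complete
        months -= 1
    return months


def datedif(start: date, end: date, units: str) -> int:
    """Mirror DATEDIF(start_date, end_date, units) for the six unit codes in the post."""
    if end < start:
        raise ValueError("#NUM!: end_date is earlier than start_date")
    unit = units.lower()
    months = full_months(start, end)
    years = months // 12
    if unit == "d":
        return (end - start).days
    if unit == "m":
        return months
    if unit == "y":
        return years
    if unit == "ym":                      # full months beyond the last full year
        return months - 12 * years
    if unit == "md":                      # days beyond the last full month
        return (end - add_months(start, months)).days
    if unit == "yd":                      # days beyond the last full year
        return (end - add_months(start, 12 * years)).days
    raise ValueError(f"#NUM!: unknown units {units!r}")


def datedif_iso(start_iso: str, end_iso: str, units: str) -> int:
    """Convenience wrapper taking ISO dates, e.g. datedif_iso('2000-01-15', '2007-06-10', 'y')."""
    return datedif(date.fromisoformat(start_iso), date.fromisoformat(end_iso), units)


if __name__ == "__main__":
    for unit in ("y", "m", "d", "md", "ym", "yd"):
        print(unit, datedif_iso("2000-01-15", "2007-06-10", unit))
```

For 15 January 2000 to 10 June 2007 this gives 7 years, 88 months, 2703 days, and remainders of 26 days ("md"), 4 months ("ym") and 146 days ("yd"); the 10 June end date is before the 15th, so June is not counted as a full month.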

I have a range of time values but when I try to sum them the total is never greater than 24 hours.
When you add a range that contains time values, Excel ignores the hours that exceed 24. The solution is to use a custom number format. Activate the cell that contains your total time and then choose Format » Cells » Number tab. Choose Custom from the Category list and type [h]:mm into the box labeled Type. Using brackets around the hour portion of the format string tells Excel to display hours that exceed 24 hours.

I have a worksheet that shows total hours and minutes worked along with the hourly pay rate. When I multiply these values I don't get the result I'm looking for. What's wrong?
Multiply the result by 24 for the number of hours in a day.
If cell A1 contains the number of hours worked (for example, 16:45, for 16 hours and 45 minutes) and cell B1 has the hourly rate then the formula below will calculate the total wages...
=A1*B1*24
Make sure the cell that contains the formula is formatted as a number and not as time.

Is it possible to determine the day of the week for a particular date?
Yes, assume that cell A1 contains a date value. The formula below uses the WEEKDAY function, which returns an integer between 1 and 7 (1 for Sunday, 2 for Monday, and so on).
=WEEKDAY(A1)
If you'd prefer to see words rather than integers please modify the formula as follows:
=CHOOSE(WEEKDAY(A1), "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday")
Another approach is to activate the cell that contains your date and then choose Format » Cells » Number tab. Choose Custom from the Category list and type a custom number format string into the box labeled Type. The trick here is to use dddd as part of the format string.
For example, a format string of dddd mmmm d, yyyy will display the date and the day of the week, like this: Thursday November 23, 2000.

I need to determine the difference between two times. If the difference is positive, it works fine. But Excel doesn't want to display negative time values. Why not?
Excel stores dates and times as numeric values, so it should be possible to add or subtract one from the other. The problem occurs if you have a workbook containing only times and no dates. Subtracting one time from another doesn't always work. Negative time values appear as a series of pound signs, even though you've assigned the [h]:mm format to the cells. By default, Excel uses a date system that begins with January 1, 1900. A negative time value generates a date-time combination that falls before this date, which is invalid.
The solution is to use the 1904 date system. Select Tools » Options » Calculation tab and check the 1904 date system option to change the starting date to January 2, 1904. Your negative times will now be displayed correctly.
Note: If you use the 1904 date system, be careful when linking to date cells in other workbooks. If the linked workbook uses the 1900 date system, the dates retrieved by the links will be incorrect.

How can I enter the current date into a cell so it doesn't change from day to day? When I use the NOW function it always shows the current date!
The easiest way to enter the current date into a cell is to use the Ctrl-; key combination (press the Ctrl key and type a semicolon).
Similarly, you can enter the current time by pressing Ctrl-Shift-; (press the Ctrl and Shift keys and type a semicolon). Both of these key combinations enter the information as a static value and not as a formula, so it will not change from day to day.

Chart and printing:

How can I print a workbook's full path in the header or footer? The Page Setup dialog box doesn't seem to offer the option.
Microsoft continues to ignore what must be thousands of requests for this feature. Although Microsoft Word offers this feature, Excel offers no direct way to print a workbook's full path in the header or footer. The only solution is to create a macro. The technique described below works with Excel 97 and later.
Press Alt-F11 to activate the Visual Basic editor.
In the Project window, double-click the project that corresponds to your workbook. The project list will expand to show several objects.
Double-click the item labeled Microsoft Excel Objects and then double-click the object labeled ThisWorkbook.
Enter the following three lines of VBA code into the code module for the ThisWorkbook object (usually in the right pane of the window you're seeing at this point).

Private Sub Workbook_BeforePrint(Cancel As Boolean)
    ' Runs automatically before each print or print preview and puts the
    ' workbook's full path and file name into the active sheet's left header
    ActiveSheet.PageSetup.LeftHeader = ThisWorkbook.FullName
End Sub
After inserting the code, press Alt-Q to return to Excel.

This procedure will be executed before you print or preview your workbook. It simply inserts the workbook's path into the left header position. If you prefer to put the path in a different position, substitute any of the following for LeftHeader: CenterHeader, RightHeader, LeftFooter, CenterFooter or RightFooter.

How can I save a chart as a GIF file?
You can save your worksheet as an HTML file and Excel will automatically convert any charts to GIF files. If that seems like overkill you can write a simple macro that will do the job. Press Alt-F11 to activate the Visual Basic editor. Select your workbook in the Projects window and choose Insert » Module to insert a new VBA module. Then type the following four-line procedure into the module...

Sub SaveChartAsGIF()
    Fname = ThisWorkbook.Path & "\" & ActiveChart.Name & ".gif"
    ActiveChart.Export FileName:=Fname, FilterName:="GIF"
End Sub

After the macro is entered, reactivate Excel and click the chart to be saved.
Press Alt-F8 to display the Macro dialog box.
Select the SaveChartAsGIF macro and click Run. The procedure uses the chart's name as the GIF file name, and the file is stored in the same directory as the workbook.
This simple macro does no error checking, so it will generate an error if a chart is not selected or if the workbook has not been saved.

The above information is freely available on the internet. Ayub, Umakant and some friends helped me find related questions.
Thanks to Imageshack for hosting the above image for free. Please use Imageshack for all your website picture hosting.

6/08/2007

DHCP Complete

What is DHCP?
DHCP (Dynamic Host Configuration Protocol) is a protocol that lets network administrators centrally manage and automate the assignment of IP (Internet Protocol) configurations on a computer network. When using the Internet's set of protocols (TCP/IP), a computer system needs a unique IP address in order to communicate with another computer system. Without DHCP, the IP address must be entered manually at each computer system. DHCP lets a network administrator supervise and distribute IP addresses from a central point. The purpose of DHCP is to provide automatic (dynamic) allocation of IP client configurations for a specific time period (the lease period) and to eliminate the work needed to administer a large IP network.

Who created DHCP?
DHCP was created by the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF), a volunteer organization which defines protocols for use on the Internet. Its definition is recorded in an Internet RFC (standard), and the Internet Activities Board (IAB) determines its standing on the Internet standards track.

Why is DHCP important?
When connected to a network, every computer must be assigned a unique address. Traditionally, when adding a machine to a network, the assignment and configuration of network (IP) addresses required human action: the computer user had to request an address and then the administrator would manually configure the machine. Mistakes in the configuration process are easy for novices to make, and can cause difficulties both for the administrator making the error and for neighbors on the network. Also, when mobile computer users travelled between sites, they had to relive this process at each different site from which they connected to a network. To simplify adding machines to a network and assigning them unique IP addresses, the task needs to be automated. The introduction of DHCP alleviated the problems associated with manually assigning TCP/IP client addresses. Network administrators have quickly appreciated the importance, flexibility and ease of use offered by DHCP.

How does DHCP work?
When a client needs to start up TCP/IP operations, it broadcasts a request for address information. The DHCP server receives the request, assigns a new address for a specific time period (called a lease period) and sends it to the client together with the other required configuration information. This information is acknowledged by the client and used to set up its configuration. The DHCP server will not reallocate the address during the lease period and will attempt to return the same address every time the client requests an address. The client may extend its lease with subsequent requests, and may send a message to the server before the lease expires telling it that it no longer needs the address, so that it can be released and assigned to another client on the network.

What advantages does DHCP have over manual configuration methods?
The use of DHCP is highly recommended, and there are a number of obvious reasons why you should use it. As mentioned before, there are two ways you can configure client addresses on a computer network: manually or automatically. Manual configuration requires the careful input of a unique IP address, subnet mask, default router address and a Domain Name Server address. In an ideal world, manually assigning client addresses would be relatively straightforward and error free. Unfortunately we do not live in an ideal world: computers are frequently moved and new systems get added to a network. Also, if a major network resource such as a router (which interconnects networks) changes network addresses, this could mean changing EVERY system's configuration. For a network administrator this process can be time consuming, tedious and error prone. Problems can occur when manually setting up your client machines, so if you have the option to set up your client machines automatically, please do, as it will save you time and a lot of headaches.
DHCP has several major advantages over manual configuration. Each computer gets its configuration from a "pool" of available numbers automatically for a specific time period (called a lease period), meaning no wasted numbers. When a computer has finished with the address, it is released for another computer to use. Configuration information can be administered from a single point. A major network resource change (e.g. a router changing address) requires only that the DHCP server be updated with the new information, rather than every system.

Can DHCP provide support for mobile users?
Yes. The benefits of dynamic addressing are especially helpful in mobile computing environments where users frequently change locations. Mobile users simply plug their laptop into the network and receive their required configuration automatically. When they move to a different network that uses a DHCP server, the configuration is supplied by that network's server. No manual reconfiguration is required at all.

Are DHCP servers easy to set-up and administer?
DHCP servers offer completely centralized management of all TCP/IP client configurations, including IP address, gateway address and DNS address. DHCP servers are easy to administer and can be set up in just a few minutes. Client addresses are assigned automatically, unlike static setup, which requires the manual input of client addresses and can be a time consuming and tedious task.

Are there any limitations that I should be aware of?
Some machines on your network need to be at fixed addresses, for example servers and routers. The DHCP server you choose should be capable of assigning pre-allocated addresses to these specific machines. You need to be able to assign a machine to run the DHCP server continually as it must be available at all times when clients need IP access. To avoid conflicts between addresses assigned by the DHCP server and those assigned manually, users should be discouraged, or preferably prevented, from reconfiguring their own IP addresses. Some older operating systems do not support DHCP. If you have such systems you may be able to upgrade them. If this is not possible they may support the older BOOTP protocol, and a DHCP server can be chosen that will support this option. For peace of mind, it is a good idea to decide what is important to you, which of the available DHCP servers is best suited to meet your specific requirements and always get a second opinion.

How is it different than BOOTP or RARP?
DHCP is based on BOOTP and maintains some backward compatibility. The main difference is that BOOTP was designed for manual pre-configuration of the host information in a server database, while DHCP allows for dynamic allocation of network addresses and configurations to newly attached hosts. Additionally, DHCP allows for recovery and reallocation of network addresses through a leasing mechanism. RARP is a protocol used by Sun and other vendors that allows a computer to find out its own IP number, which is one of the protocol parameters typically passed to the client system by DHCP or BOOTP. RARP doesn't support other parameters, and a RARP server can only serve a single LAN. DHCP and BOOTP are designed so they can be routed.

Why shouldn't clients assign IP numbers without the use of a server?
It is theoretically possible for client machines to find addresses to use by picking an address out of the blue and broadcasting a request to all the other client machines to see if any of them is using it. AppleTalk is designed around this idea, and Apple's MacTCP can be configured to do this for IP. However, this method of IP address assignment has disadvantages. A computer that needs a permanently assigned IP number might be turned off and lose its number to a machine coming up. This causes problems both for finding services and for security. A network might be temporarily divided into two non-communicating networks while a network component is not functioning. During this time, two different client machines might end up claiming the same IP number. When the network comes back, they start malfunctioning. If such dynamic assignment is to be confined to ranges of IP addresses, then the ranges are configured in each desktop machine rather than being centrally administered. This can lead both to hidden configuration errors and to difficulty in changing the range. Another problem with the use of such ranges is keeping it easy to move a computer from one subnet to another.

Can DHCP support statically defined addresses?
Yes. At least there is nothing in the protocol to preclude this and one expects it to be a feature of any DHCP server. This is really a server matter and the client should work either way. The RFC refers to this as manual allocation.

Can a BOOTP client boot from a DHCP server?
Only if the DHCP server is specifically written to also handle BOOTP queries.

Can a DHCP client boot from a BOOTP server?
Only if the DHCP client were specifically written to make use of the answer from a BOOTP server. It would presumably treat a BOOTP reply as an unending lease on the IP address. In particular, the TCP/IP stack included with Windows 95 does not have this capability.

Is a DHCP server "supposed to" be able to support a BOOTP client?
The RFC on such interoperability (1534) is clear: "In summary, a DHCP server: ... MAY support BOOTP clients," (section 2). The word "MAY" indicates such support, however useful, is left as an option.

Can a DHCP server back up another DHCP server?
You can have two or more servers handing out leases for different addresses. If each has a dynamic pool accessible to the same clients, then even if one server is down, one of those clients can lease an address from the other server. However, without communication between the two servers to share their information on current leases, when one server is down, any client with a lease from it will not be able to renew its lease with the other server. Such communication is the purpose of the "server to server protocol" (see next question). It is possible that some server vendors have addressed this issue with their own proprietary server-to-server communication.

In a subnetted environment, how does the DHCP server discover what subnet a request has come from?
DHCP client messages are sent to off-net servers by DHCP relay agents, which are often a part of an IP router. The DHCP relay agent records the subnet from which the message was received in the DHCP message header for use by the DHCP server.
Note: a DHCP relay agent is the same thing as a BOOTP relay agent, and technically speaking, the latter phrase is correct.

If a physical LAN has more than one logical subnet, how can different groups of clients be allocated addresses on different subnets?
One way to do this is to preconfigure each client with information about what group it belongs to. A DHCP feature designed for this is the user class option. To do this, the client software must allow the user class option to be preconfigured and the server software must support its use to control which pool a client's address is allocated from.

Can DHCP support remote access?
PPP has its own non-DHCP way in which communications servers can hand clients an IP address, called IPCP (IP Control Protocol), but it doesn't have the same flexibility as DHCP or BOOTP in handing out other parameters. Such a communications server may support the use of DHCP to acquire the IP addresses it gives out. This is sometimes called doing DHCP by proxy for the client. I know that Windows NT's remote access support does this. A feature of DHCP under development (DHCPinform) is a method by which a DHCP server can supply parameters to a client that already has an IP number. With this, a PPP client could get its IP number using IPCP, then get the rest of its parameters using this feature of DHCP. SLIP has no standard way in which a server can hand a client an IP address, but many communications servers support non-standard ways of doing this that can be utilized by scripts, etc. Thus, like communications servers supporting PPP, such communications servers could also support the use of DHCP to acquire the IP addresses to give out.
I am not currently aware of any way in which DHCP can support client computers served solely by PPP or SLIP. Such a computer doesn't have the IEEE-style MAC address that DHCP requires to act as its key to determining which client computer is which within the same subnet. Communications servers that acquire IP numbers for their clients via DHCP run into the same roadblock in that they have just one MAC address, but need to acquire more than one IP address. One way such a communications server can get around this problem is through the use of a set of unique pseudo-MAC addresses for the purposes of its communications with the DHCP server. Another way (used by Shiva) is to use a different "client ID type" for your hardware address. Client ID type 1 means you're using MAC addresses. However, client ID type 0 means an ASCII string.

How can I relay DHCP if my router does not support it?
A server on a net (subnet) can relay DHCP or BOOTP for that net. Microsoft provides software that makes Windows NT do this.

Can you limit which MAC addresses are allowed to roam?
Sites may choose to require central pre-configuration for all computers that will be able to acquire a dynamic address. A DHCP server could be designed to implement such a requirement, presumably as an option to the server administrator.

What are the Gotchas?
A malicious user could make trouble by putting up an unofficial DHCP server. The immediate problem would be a server handing out numbers already belonging to some computer, with the potential for two or more "innocent bystander" nodes ending up with the same IP number. The net result is problems using those nodes, possibly intermittent if one or the other is sometimes turned off. Many more problems are possible if a renegade server manages to get a client to accept its lease offering and feeds the client its own version of other boot parameters. One scenario is a client that loads its OS over the network via tftp being directed to a different file (possibly on a different server), thus allowing the perpetrator to take over the client. Given that boot parameters often control many different aspects of a computer's operation and communication, many other scenarios are just as serious. Note that BOOTP has the same vulnerabilities.
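The DISCOVER/OFFER exchange from "How does DHCP work?" and the unofficial-server gotcha just described, as an added example that is not part of the original FAQ: a small Python decoder for DHCP messages that flags any OFFER, ACK or NAK whose server identifier (option 54) is not on an allowlist of the servers that are supposed to exist on the segment. The packets, the client MAC, and the allowlist address 192.168.1.1 are constructed for the example; in practice the input would be DHCP payloads captured from UDP ports 67/68.

```python
import struct
from ipaddress import IPv4Address

# Constructed allowlist: the DHCP servers that are supposed to exist on this (hypothetical) LAN.
AUTHORIZED_SERVERS = {"192.168.1.1"}

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the DHCP options field
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def build_dhcp(op, xid, chaddr, yiaddr="0.0.0.0", broadcast=False, options=()):
    """Assemble a minimal DHCP message (used here only to fabricate sample packets)."""
    flags = 0x8000 if broadcast else 0          # bit 15 is the broadcast flag
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, flags)   # op, htype=Ethernet, hlen=6, hops
    hdr += bytes(4)                              # ciaddr: client has no address yet
    hdr += IPv4Address(yiaddr).packed            # yiaddr: address the server is offering
    hdr += bytes(8)                              # siaddr, giaddr
    hdr += chaddr.ljust(16, b"\0")               # chaddr padded to 16 bytes
    hdr += bytes(192)                            # sname (64) + file (128), unused here
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + b"\xff"   # 255 = end of options


def parse_dhcp(payload):
    """Decode the fixed header and the TLV options that matter for rogue-server detection."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {
        "op": op,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "yiaddr": str(IPv4Address(payload[16:20])),
        "giaddr": str(IPv4Address(payload[24:28])),   # non-zero when a relay agent forwarded it
        "chaddr": payload[28:28 + hlen].hex(":"),
        "options": {},
    }
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:                 # pad option, has no length byte
            i += 1
            continue
        if code == 255:               # end option
            break
        length = payload[i + 1]
        msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    opts = msg["options"]
    msg["type"] = MESSAGE_TYPES.get(opts.get(53, b"\0")[0], "UNKNOWN")
    if 54 in opts:                    # server identifier: which server is speaking
        msg["server_id"] = str(IPv4Address(opts[54]))
    if 51 in opts:                    # IP address lease time, in seconds
        msg["lease_secs"] = struct.unpack("!I", opts[51])[0]
    return msg


def classify(msg):
    """Defender's check: an OFFER/ACK/NAK whose server identifier is not on the
    allowlist is evidence of an unofficial DHCP server on the segment."""
    if msg["type"] not in ("OFFER", "ACK", "NAK"):
        return "client"
    return "authorized" if msg.get("server_id") in AUTHORIZED_SERVERS else "ROGUE"


# Constructed sample exchange: one client DISCOVER and two competing OFFERs for it.
CLIENT_MAC = bytes.fromhex("0a1b2c3d4e5f")
XID = 0x3903F326
DISCOVER = build_dhcp(1, XID, CLIENT_MAC, broadcast=True, options=[(53, b"\x01")])
GOOD_OFFER = build_dhcp(2, XID, CLIENT_MAC, yiaddr="192.168.1.50", options=[
    (53, b"\x02"),
    (54, IPv4Address("192.168.1.1").packed),
    (51, struct.pack("!I", 86400)),
    (3, IPv4Address("192.168.1.1").packed),        # router option
])
ROGUE_OFFER = build_dhcp(2, XID, CLIENT_MAC, yiaddr="192.168.1.50", options=[
    (53, b"\x02"),
    (54, IPv4Address("192.168.1.77").packed),      # server identifier nobody authorized
    (51, struct.pack("!I", 600)),
    (3, IPv4Address("192.168.1.77").packed),       # and it nominates itself as gateway
])


def audit(packets):
    """Return (xid, type, server_id, verdict) per packet, the rows a monitor would log."""
    rows = []
    for pkt in packets:
        m = parse_dhcp(pkt)
        rows.append((m["xid"], m["type"], m.get("server_id"), classify(m)))
    return rows


if __name__ == "__main__":
    for row in audit([DISCOVER, GOOD_OFFER, ROGUE_OFFER]):
        print(row)
```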
The broadcast flag: DHCP includes a way in which client implementations unable to receive a packet addressed to a specific IP address can ask the server or relay agent to use the broadcast IP address in its replies (a "flag" set by the client in its requests). The definition of DHCP states that implementations "should" honor this flag, but it doesn't say they "must". Some Microsoft TCP/IP implementations used this flag, which meant that in practical terms relay agents and servers had to implement it. A number of BOOTP relay agent implementations (e.g. in routers) handled DHCP just fine except for this feature, so their vendors announced new versions stated to handle DHCP.
Some of the virtual LAN schemes, i.e., those that use the packet's IP number to decide which "virtual LAN" a client computer is on for the purposes of TCP/IP, don't work when using DHCP to dynamically assign addresses. DHCP servers and relay agents use their knowledge of which LAN the client station is on to select the subnet number for the client station's new IP address, whereas such switches use the subnet number sent by the client station to decide which (virtual) LAN to put the station on.
Routers are sometimes configured so that one LAN on one port has multiple network (or subnet) numbers. When the router is relaying requests from such a LAN to the DHCP server, it must pass along an IP number that is associated with one of the network (or subnet) numbers. The only way the DHCP server can allocate addresses on one of the LAN's other network (or subnet) numbers is if the DHCP server is specifically written to have a feature to handle such cases, and it has a configuration describing the situation.
The knowledge that a particular IP number is associated with a particular node is often used for various functions. Examples are: for security purposes, for network management, and even for identifying resources. Furthermore, if DNS names are going to identify IP numbers, the IP numbers have to be stable. Dynamic configuration of the IP numbers undercuts such methods. For this reason, some sites try to keep the continued use of dynamically allocable IP numbers to a minimum.
With two or more servers serving a LAN, clients that are moved around (e.g. mobile clients) can end up with redundant leases. Consider a home site with two DHCP servers, a remote site with DHCP services, and a mobile client. The client first connects to the home site and receives an address from one of the two servers. He/she then travels to the remote site (without releasing the lease at the home site) and attempts to use the acquired address. It is of course NAK'ed and the client receives an address appropriate for the remote site. The client then returns home and tries to use the address from the remote site. It is NAK'ed, but now the client broadcasts a DHCP DISCOVER to get an address. The server that holds the previous lease will offer the address back to the client, but there is no guarantee that the client will accept that address; consequently, it is possible for the client to acquire an address from the other server and therefore have two leases within the site. The problem can be solved by using only one server per subnet/site and can be mitigated by short lease lengths. But in a very mobile environment, it is possible for these transient servers to consume more than their fair share of addresses.
If departments, offices, or individuals run DHCP servers with their own small address pools on LANs shared by other departments, offices, or individuals, they can find that their addresses are being used by anyone on the LAN who happens to set their IP configuration to use DHCP.

5/29/2007

The Windows Vista Firewall

We all have heard, at one time or another, about the Windows XP firewall and how useless it is. However true or untrue these statements are, they can affect confidence in the security systems of future Windows products. This paper is intended to educate the public on the facts of the subject matter. So, let's get with it...

The Difference:-
No third-party firewall can claim what the Windows Firewall can: that its protection starts as soon as the computer is turned on. Is that important, you ask? Absolutely. If a capable malware program could start itself at the same time that the computer begins to boot, common sense dictates the danger of this. Now, knowing that the Vista firewall 'does' start at boot, we can be confident that it is going to protect the system from boot onward.

The Interface:-
Microsoft and the Windows team have done something a little different with the Vista firewall. They have separated the firewall into two different interfaces. The default interface is the basic one. At first glance, it looks identical to the Windows XP SP2 firewall. This basic interface is ON by default and loads basic settings for normal user protection. In most cases, this basic setting should work fine. Then they added an Advanced interface for the more security-savvy individuals. This Advanced interface gives greater flexibility over the firewall's settings.

The Basic Configuration:-
As I mentioned earlier, the Vista firewall is turned on by default and will be set to a 'basic' configuration. In this configuration, the firewall works in tandem with the new Windows Service Hardening feature. If the firewall detects an activity that is deemed prohibited behavior according to Windows Service Hardening's preset rules, the firewall will block this suspect activity.
To access the Vista Firewall's basic settings, click the Windows button>> Control Panel>> Windows Firewall. With the Windows Firewall window open, you will see three tabs at the top: General, Exceptions and Advanced. Let's quickly discuss each tab separately:

General tab:-
With this tab selected, you will see three possible settings: On (default), Block all programs and Off. The On and Off selections are pretty self-explanatory, but the "Block all programs" option is very handy if you need to log in to an unsecured public wi-fi network. With this option selected in this scenario, you will be completely protected.

Exceptions tab:-
With this tab selected, you can view all of the programs that Windows has on its default block list. If you would like to unblock a certain program, simply click the checkbox next to the program's name. Also, at the bottom of this window you will notice that you can add or delete programs. A little further down the window, you will notice an entry titled: "Tell me when Windows Firewall blocks a program". This is enabled by default, but if you would prefer not to get popup notifications regarding blocked programs, simply de-select this option and click Apply.

Advanced tab:-
With this tab selected, you will see the available network connections on your system that can be protected by the Windows Firewall. When you see a checkmark next to the available network connection, you'll know that it is being protected. Unchecking, of course, removes the protection.
Also available under the Advanced tab is a "Security logging" feature. When you click the "Settings" button under the Security logging feature, you will be able to create and configure log files of either dropped packets or successful connections to your network and set maximum log sizes.
Another feature you'll notice is "ICMP" (Internet Control Message Protocol):
Here you are given a certain flexibility over how your computer is to respond to ICMP requests. When you click the Settings button, you will notice that the entry titled: "Allow incoming echo request" is the only entry selected (allowed). All other requests are not allowed by default.
The last available option under the Advanced tab is the "Default settings" options. When you click the "Restore Defaults" button, you will remove any previous settings changes that have been made and return the Windows Firewall back to its Default configuration. If you should get in to a little trouble while configuring your Basic settings, this is a good option to be aware of.

The Advanced Configuration:-
This is where Microsoft has added a second completely separate interface for the Windows Firewall. In order to view and configure advanced settings, you will first need to create a custom MMC (Microsoft Management Console). The purpose for this is to dissuade any novice users from accessing these settings. If you would like to create a custom MMC, here's how:
  1. Click the Windows button
  2. In the Search box, enter: cmd
  3. Right-click the Run Program and select "Run as administrator" from the resulting menu.
  4. In the Run window, type in: mmc.exe [Enter] or click OK.
  5. With MMC open, go to File>> Add/Remove Snap-in.
  6. Open the "Available Snap-ins" list and scroll the list to locate an entry titled: "Windows Firewall With Advanced Security".
  7. Click to select the entry and then click the "Add" button.
  8. Accept the default (Local Computer) from the Select Computer dialog box.
  9. Click Finish, then OK.
You will now be able to view the advanced settings in the MMC.

From within the MMC, you have a great deal of flexibility over your Windows Firewall. Some interesting configurations worth noting are:

Multiple Firewall Profiles:-
More geared around portable computing, this option allows you to configure three different profiles for different situations. As an example, if you are traveling and are using your laptop in a public unsecured wi-fi environment, you can enable your "Public" profile. Switch to your "Private" profile when surfing at home, or rely upon your "Domain" profile for work. Each profile tab offers the same settings.
Once you've clicked one of the profile tabs, you can turn the selected profile On or Off. You also have flexibility over Inbound and Outbound connections. By default, as we learned earlier, outbound connections are allowed and inbound connections are NOT allowed (selected 'exceptions' are allowed). In the MMC, you can change these settings to fit your personal needs.

IPSec Configuration:-
Another tab you'll see alongside each of the three profiles is the IPSec tab. IPSec (Internet Protocol Security) is a constantly developing security standard that provides for the security of sensitive data transmitted over unprotected networks. With the IPSec tab selected, you can click the "Custom" button to configure these settings to fit your needs. Available configuration options are: Key Exchange, Data Protection and Authorization Method.

Connection Security Rules:-
After you have set up all of your profiles and configured your IPSec settings, you're ready to set up your connection security rules. You will be guided by a wizard that helps you create security rules to determine how and when secure connections are to be applied between individual computers or even groups of computers. Some of the flexibilities you will have here are:
  • Isolate certain connections and restrict a connection based on domain membership or health status.
  • Set up server-to-server authentication rules
  • Restrict certain connections
  • Exempt certain computers from authentication
  • Create a custom rule when nothing available applies
Once you've created your rules, you can easily delete them by right clicking and selecting Delete. Or, you can save them for a later time by selecting Disable instead. To enable the disabled rule, simply right click it and select Enable.

5/08/2007

Windows Media Player 10 Keyboard Shortcuts

Hide the menu : ALT
Zoom to 50 percent : ALT+1
Zoom to 100 percent : ALT+2
Zoom to 200 percent : ALT+3
Show or hide album information in the Rip feature : ALT+A
Start burning a CD in the Burn feature : ALT+B
Rip music from a CD to your computer in the Rip feature : ALT+C
Show video in full screen : ALT+ENTER
Show the File menu : ALT+F
Quit the program in the current window : ALT+F4
Show the anchor window menu : ALT+F6, ALT
Show the Help menu : ALT+H
Show or hide album information in your library : ALT+I
Save a new or changed playlist to your library : ALT+L, A
Show a list of items to burn to CD in the List pane in your library : ALT+L, B
Select the columns to be shown in your library : ALT+L, C
Show a playlist from your library in the List pane : ALT+L, E
Shuffle items in the List Pane in your library : ALT+L, H
Create a playlist or auto playlist in the List pane in your library : ALT+L, N
Show or hide the List pane in your library : ALT+L, S
Edit items in the List pane by using the Edit Playlist dialog box in your library : ALT+L, U
Activate double-clicking to add selected items to the List pane in your library : ALT+O, A
Show a list of items to burn to CD in the List pane in your library : ALT+O, B
Select the columns to be shown in your library : ALT+O, C
Select items in the Details pane of your library that contain media information for the selected sort order : ALT+O, G
Activate double-clicking to play only selected items in a playlist in your library : ALT+O, I
Activate double-clicking to play all items in a playlist in your library : ALT+O, P
Play items in the Now Playing list repeatedly in your library : ALT+O, R
Show or hide the List pane in your library : ALT+O, S
Show a list of items to play in the List pane in your library : ALT+O, W
Show the Play menu : ALT+P
Search for items in your library that include the text in the Search box : ALT+S
Restore the Player from mini Player mode : ALT+SHIFT+P
Show the Tools menu : ALT+T
Show the View menu : ALT+V
Go to the Features taskbar features : ALT+V, G
Move left or right or up or down on menus or lists : Arrow keys
Switch to full mode : CTRL+1
Switch to skin mode : CTRL+2
Select or clear check boxes for multiple items that are not contiguous : CTRL+arrow keys, SPACEBAR
Play the previous item : CTRL+B
Edit the current playlist on the File menu : CTRL+D
Eject the CD or DVD on the Play menu : CTRL+E
Play the next item : CTRL+F
Shuffle the playlist on the Play menu or the Skin shortcut menu : CTRL+H
Capture a still image from a DVD on the View menu : CTRL+I
Show the menu bar in full mode : CTRL+M
Create a playlist on the File menu : CTRL+N
Open a file on the Skin shortcut menu or the File menu : CTRL+O
Play or pause a file : CTRL+P
Stop playback : CTRL+S
Rewind (not available for all files) : CTRL+SHIFT+B
Turn captions and subtitles on or off : CTRL+SHIFT+C
Play faster than normal speed (time compression) : CTRL+SHIFT+G
Play slower than normal speed (time expansion) : CTRL+SHIFT+S
Repeat the playlist : CTRL+T
Switch between the inner and outer areas of the Player : CTRL+TAB
Specify either a URL or path of a file : CTRL+U
Close or stop playing a file on the File menu : CTRL+W
Delete a selected item in the Sync feature : DELETE
Select the next item in the list : DOWN ARROW
Play an item : ENTER
Hide the menu : ESC
Open Help : F1
Search specified locations for digital media files : F3
Refresh the information in the panes in the Sync feature : F5
Mute the volume : F8
Decrease the volume : F9
Select or clear contiguous check boxes : SHIFT+arrow keys, SPACEBAR
Show the shortcut menu for the selected item : SHIFT+F10
Select the previous area : SHIFT+TAB
Select or clear a check box : SPACEBAR
Select the next area : TAB
Select the previous item in the list : UP ARROW
Thanks for Windows Media.

FAT32 ( File Allocation Table 32 )

What is this FAT32 I keep hearing about?
FAT32 is a new feature introduced by Microsoft to reduce wasted cluster space. You can find FAT32 in the OSR2 version of Windows 95.

What is the difference between FAT16 & FAT32?
Inside every hard drive, there are clusters. The larger the partition, the bigger the cluster size. Many people resort to partitioning their hard drive into smaller partitions to reclaim wasted cluster disk space. FAT32 reduces the cluster size so you don't have to partition your hard drive to save disk space. The table below shows the difference:
FAT16

  Cluster size   Partition size (up to)
  2 KB           128 MB
  4 KB           256 MB
  8 KB           512 MB
  16 KB          1 GB
  32 KB          2 GB

FAT32

  Cluster size   Partition size
  2 KB           under 260 MB
  4 KB           260 MB - 8 GB
  8 KB           8 GB - 16 GB
  16 KB          16 GB - 32 GB
  32 KB          over 32 GB


As you can see, the largest partition FAT16 can handle is 2 GB, while FAT32 partitions can be 32 GB and larger. The cluster size for a 2 GB FAT16 partition is 32 KB, whereas a FAT32 partition between 260 MB and 16 GB (the range most home or personal PCs fall in) uses 4 KB clusters up to 8 GB and 8 KB clusters from 8 GB to 16 GB, so the space lost to partly filled clusters is roughly a quarter to an eighth of what it would be under FAT16.

Does that mean that I will have FAT32 installed if I have OSR2?

Yes and no. It depends on how your OSR2 was installed. If it was installed from the setup disk (included in your package), then setup will format your hard drive, leaving you with a FAT32 hard drive. But if OSR2 was installed from DOS or from the earlier version of Windows 95, then you will still be using the old FAT16.

I have a copy of OSR2. What is the most common way to convert my hard drive to support FAT32?
The most common way is to repartition and format the whole hard drive, which destroys everything on it, so back up first. Boot to a command prompt and run setup from the OSR2 CD. Go along with setup until you are prompted to make a boot disk. Insert an empty disk and label it "OSR2 boot disk". Then cancel setup. Now boot your PC from the boot disk. Run FDISK, answer Yes when it asks whether to enable large disk support, and recreate the partition: this is what marks the partition as FAT32, and formatting an existing FAT16 partition on its own will not change the file system. Then format the hard drive from the boot disk using the format command. (Note: use a full format rather than the /q switch; a quick format only clears the existing file tables.) After your hard drive is formatted, it will support FAT32.

Is there any other way I can convert FAT16 to FAT32 without formatting my hard drive?
Yes, by using some third party software or utilities.

What are the utilities that can convert FAT16 to FAT32?
Microsoft has released one that is currently available at the Microsoft site. PowerQuest has also developed one as part of Partition Magic. We believe there are also other FAT32 conversion utilities on the Internet written by shareware or freeware authors. Also, Windows 98 ships with a FAT32 converter.

Can I install OSR2 on a FAT16 partition/drive?
OSR2 does not need FAT32 to be installed. OSR2 will run happily on any FAT16 partition / drive.

5/07/2007

Windows Registry FAQ

What is the Registry?
The Registry is a database used to store settings and options for the 32-bit versions of Microsoft Windows, including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user changes Control Panel settings, file associations, system policies, or installed software, the changes are reflected and stored in the Registry.
The physical files that make up the registry are stored differently depending on your version of Windows: under Windows 95, 98 & ME it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT, while under Windows NT/2000 the files (the hives) are kept separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly; you must use a tool usually known as a "Registry Editor" to make any changes (using registry editors is discussed later in the article).

The Structure of the Registry
The Registry has a hierarchical structure. Although it looks complicated, the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.


Each main branch (denoted by a folder icon in the Registry Editor) is called a Hive, and Hives contain Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. The Windows 9x Registry Editor shows three types of value: String, Binary, and DWORD; Windows NT/2000 adds two further string types, and the full list is given below. Which type is used depends upon the context.


There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:
  • HKEY_CLASSES_ROOT - This branch contains all of your file association types, OLE information and shortcut data.
  • HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC.
  • HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
  • HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch.
  • HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
  • HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE used by the Plug-&-Play features of Windows 95/98/ME (it does not exist on Windows NT/2000). This section is dynamic and will change as devices are added to and removed from the system.

Each registry value is stored as one of five different data types:

  • REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
  • REG_DWORD - This type stores the data as a four byte number and is commonly used for boolean values, where "0" means disabled and "1" means enabled. Many parameters for device drivers and services are also of this type. REGEDT32 can display it in binary, hexadecimal and decimal format; REGEDIT in hexadecimal and decimal format.
  • REG_EXPAND_SZ - This type is an expandable data string: a string containing a variable that is replaced when an application reads it. For example, in such a value the string "%SystemRoot%" is replaced by the actual location of the directory containing the Windows NT system files. (This type can only be created using an advanced registry editor such as REGEDT32.)
  • REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
  • REG_SZ - This type is a standard string, used to represent human readable text values.
Editing the Registry
The Registry Editor (REGEDIT.EXE) is included with most versions of Windows (although you won't find it on the Start Menu). It enables you to view, search and edit the data within the Registry. There are several methods for starting the Registry Editor; the simplest is to click on the Start button, select Run, and in the Open box type "regedit". If the Registry Editor is installed it should now open.
An alternative Registry Editor (REGEDT32.EXE) is available for use with Windows NT/2000. It includes some additional features not found in the standard version, including the ability to view and modify security permissions, and the ability to create and modify the extended string values REG_EXPAND_SZ & REG_MULTI_SZ.

Create a Shortcut to Regedit
This can be done by simply right-clicking on a blank area of your desktop, selecting New, then Shortcut, then in the Command line box entering "regedit.exe" and clicking Next. Enter a friendly name (e.g. 'Registry Editor'), then click Finish. Now you can double-click on the new icon to launch the Registry Editor.

Using Regedit to modify your Registry
Once you have started the Regedit you will notice that on the left side there is a tree with folders, and on the right the contents (values) of the currently selected folder.

Like Windows explorer, to expand a certain branch (see the structure of the registry section), click on the plus sign [+] to the left of any folder, or just double-click on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side. You can add a new key or value by selecting New from the Edit menu, or by right-clicking your mouse. And you can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.

Note: it is always a good idea to backup your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting causing you to have to reinstall the whole operating system. It's much better to be safe than sorry!

Importing and Exporting Registry Settings
A great feature of the Registry Editor is its ability to import and export registry settings to a text file. This text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings. You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad: in the Registry Editor select a key, then from the "Registry" menu choose "Export Registry File...", choose a filename and save. If you open this file in Notepad you will see something similar to the example below:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

The layout is quite simple: REGEDIT4 indicates the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicates the key the values belong to, and lines such as "SetupType"=dword:00000000 are the values themselves. The portion after the "=" varies depending on the type of value: dword: for a DWORD, a quoted string for a String, and hex: followed by comma-separated bytes for Binary data.

So by simply editing this file to make the changes you want, it can then be easily distributed, and all that needs to be done is to double-click it, or choose "Import" from the Registry menu, for the settings to be added to the system Registry. Bear in mind that this works just as well for settings you did not intend: a .REG file from an untrusted source can silently change anything in the Registry, so read it in Notepad before importing it.

Deleting keys or values using a REG file
It is also possible to delete keys and values using REG files. To delete a key, start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete. For example, to delete the [HKEY_LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=-

Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.
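As an added example (not from the original article), here is a small Python parser for the REGEDIT4 format shown above. It turns a .REG file into the list of operations that importing it would perform, decodes dword, hex and string values, honours the "-" deletion syntax for both keys and values, and flags two things worth looking at twice before double-clicking a file someone sent you: whole-key deletions and writes to the Run/RunOnce autostart keys. The sample file, the "Updater" entry and the list of keys to flag are constructed for this demonstration.

```python
"""Parse a REGEDIT4 / "Windows Registry Editor Version 5.00" file into the
operations it would perform on import, so the file can be reviewed first."""
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                   # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=... or @=...
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}
# Assumed review list: anything written under these keys runs at logon.
AUTOSTART = ("\\currentversion\\run", "\\currentversion\\runonce")


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _logical_lines(text):
    """Drop blanks and ';' comments; join lines continued with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def parse_value(raw):
    """Decode the text after '=' into (type, value); a bare '-' means delete."""
    if raw == "-":
        return "DELETE", None
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if m:
        kind = HEX_TYPES.get(m.group(1), "hex(%s)" % m.group(1))
        return kind, bytes(int(b, 16) for b in m.group(2).split(",") if b)
    raise ValueError("unrecognised value syntax: %r" % raw)


def parse_reg(text):
    """Return (op, key, name, type, value) tuples in file order."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing or unknown REG header")
    ops, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":              # [-KEY]: remove the whole key
                ops.append(("delete_key", key, None, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("value outside a key or bad syntax: %r" % line)
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        kind, value = parse_value(m.group(2))
        if kind == "DELETE":
            ops.append(("delete_value", key, name, None, None))
        else:
            ops.append(("set", key, name, kind, value))
    return ops


def review(ops):
    """Things to look at before importing: key deletions and autostart writes."""
    notes = []
    for op, key, name, _, _ in ops:
        if op == "delete_key":
            notes.append("deletes whole key %s" % key)
        elif key.lower().endswith(AUTOSTART):
            notes.append("%s autostart entry %s\\%s" % (op, key, name))
    return notes


# Constructed sample: the page's Setup key plus an autostart entry and deletions.
SAMPLE = r'''REGEDIT4

; an autostart entry hiding among harmless settings
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02
"Path"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,\
  00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="c:\\tools\\updater.exe"

[HKEY_CURRENT_USER\Software\Example]
"OldSetting"=-

[-HKEY_CURRENT_USER\Software\Example\Obsolete]
'''

if __name__ == "__main__":
    for op in parse_reg(SAMPLE):
        print(op)
    print(review(parse_reg(SAMPLE)))
```

Run it and the review list names the Run entry and the key deletion, the two lines an unwary user would have imported with a double-click. The parser is deliberately strict: a value outside a key or an unknown value syntax raises rather than being skipped, which is the behaviour you want from a pre-import check.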

Regedit Command Line Options
Regedit has a number of command line options to help automate its use in either batch files or from the command prompt. Listed below are some of the options; please note that some of the functions are operating system specific.

regedit.exe [options] [filename]

  filename     Import the .reg file into the registry
  /s           Silent, i.e. hide the confirmation box when importing files
  /e           Export a registry file, e.g. regedit /e file.reg HKEY_USERS\.DEFAULT
  /L:system    Specify the location of the SYSTEM.DAT to use
  /R:user      Specify the location of the USER.DAT to use
  /C           Compress [filename] (Windows 98)

Maintaining the Registry
How can you backup and restore the Registry

Windows 95
Microsoft included a utility on the Windows 95 CD-ROM that lets you create backups of the Registry on your computer. The Microsoft Configuration Backup program, CFGBACK.EXE, can be found in the \Other\Misc\Cfgback directory on the Windows 95 CD-ROM. This utility lets you create up to nine different backup copies of the Registry, which it stores, with the extension RBK, in your \Windows directory. If your system is set up for multiple users, CFGBACK.EXE won't back up the USER.DAT file.
After you have backed up your Registry, you can copy the RBK file onto a floppy disk for safekeeping. However, to restore from a backup, the RBK file must reside in the \Windows directory. Windows 95 stores the backups in compressed form, which you can then restore only by using the CFGBACK.EXE utility

Windows 98
Microsoft Windows 98 automatically creates a backup copy of the registry every time Windows starts. In addition, you can manually create a backup using the Registry Checker utility by running SCANREGW.EXE from the Start, Run menu.

What to do if you get a Corrupted Registry
Windows 95, 98 and NT all have a simple registry backup mechanism that is quite reliable, although you should never rely on it alone; remember to always make a backup first.

Windows 95
In the Windows directory there are several hidden files. Four of these are SYSTEM.DAT & USER.DAT, your current registry, and SYSTEM.DA0 & USER.DA0, a backup of your registry. Windows 9x has a nice feature in that every time it appears to start successfully it copies the registry over these backup files, so if something goes wrong you can restore it to a known good state. To restore the registry, follow these instructions:

1.Click the Start button, and then click Shut Down

2.Click Restart The Computer In MS-DOS Mode, then click Yes.

3.Change to your Windows directory. For example, if your Windows directory is c:\windows, you would type the following:

cd c:\windows

4.Type the following commands, pressing ENTER after each one. (Note that SYSTEM.DA0 and USER.DA0 contain the number zero.)

attrib -h -r -s system.dat
attrib -h -r -s system.da0
copy system.da0 system.dat
attrib -h -r -s user.dat
attrib -h -r -s user.da0
copy user.da0 user.dat

5.Restart your computer

Following this procedure will restore your registry to its state when you last successfully started your computer.

If all else fails, there is a file on your hard disk named SYSTEM.1ST that was created when Windows 95 was first successfully installed. If necessary you can clear its read-only and hidden attributes and copy it over C:\WINDOWS\SYSTEM.DAT. This takes the system part of the registry back to the day Windows was installed, so anything installed or configured since will have to be redone.

Windows NT
On Windows NT you can use either the "Last Known Good" option at boot time or an Emergency Repair Disk created with RDISK to restore the registry to a stable working configuration.

How can I clean out old data from the Registry?
Although it's possible to manually go through the Registry and delete unwanted entries, Microsoft provides a tool to automate the process, called RegClean. RegClean analyzes Windows Registry keys stored in a common location in the Windows Registry. It finds keys that contain erroneous values and removes them from the Windows Registry after recording those entries in the Undo.Reg file. You can download this free utility from our downloads page.

5/06/2007

Linux Online FAQ

What is Linux?
Linux is a Unix-like operating system originally developed by Linus Torvalds in 1991. To get the whole story, see our Page devoted entirely to this question.

Where can I get Linux?
There are literally hundreds of places you can get Linux because there are hundreds of "versions" or distributions of Linux. If you think you might want Linux because you're considering alternatives to Microsoft Windows or Macintosh OS for everyday computer use, you may want to check out a version of Linux called 'Knoppix', which will boot from your CD drive and does not need to be installed. If you're interested in Linux for other reasons, we invite you to look at our list of Linux distributions. You'll likely find what you're looking for there.

What is a Linux distribution?
A Linux "distribution" is a version of the Linux operating system made especially by a company, organization or individual. The one thing they all have in common is that they use the Linux kernel. From there on, each developer adds its own programs, tools and other applications. Some are dedicated to specific uses while others are intended for the general public. Again, you'll find more information at our Linux distributions page.

Which Linux distribution do you recommend?
Linux Online tries to be impartial, particularly when it comes to for-profit, commercial distributions. We really don't recommend any one distribution over others. Also, there are so many factors to take into account when choosing a distribution that it would be impossible to make recommendations in general.

Can we have permission to use the Linux penguin logo?
Larry Ewing is the creator of the Linux penguin, Tux. Larry was kind enough to give free license to use it when he created it provided you give the correct attributions. If you're in doubt, please have a look at his website for more information. http://www.isc.tamu.edu/~lewing/linux/

Can you please forward this email/letter/gift/etc to Linus Torvalds?
Linus Torvalds does not work here at Linux Online so we don't handle any of Linus' correspondence. At present, he is working full-time on the kernel for the Open Source Development Labs. Please contact them if you need to get in touch with Linus or you wish to send him something. http://www.osdl.org/about_osdl/contact_osdl.html

Can you please send me Linux CDs?
Linux Online is a general information site about Linux. It is not a retailer of CDs, therefore we can't send you commercial versions of Linux. As far as non-commercial versions go, we do not have the staff and means to handle the enormous amount of potential requests for CDs. We do provide a list of retailers who can send you CDs of Linux distributions - some at very low cost.

Where can I find a driver for my hardware?
As Linux grows in popularity, it also gains support for a wider range of hardware. The Linux kernel now supports an enormous amount of hardware, and most major Linux distributions incorporate this support into their products. You can also get hardware support by downloading, compiling and installing the latest version of the Linux kernel. In some cases, hardware manufacturers want to provide Linux support without incorporating their drivers into the kernel, so they provide separate drivers. If you're looking for these it's best to consult the manufacturer's website or send them an inquiry by email. Then there are some hardware manufacturers who don't support Linux, so no drivers are available. If you're already running Linux, it's best to check whether new hardware you want to purchase is supported before buying it.

Can I run applications for MS Windows on Linux?
The short answer to this is: no, not automatically and not directly. That is to say, Microsoft Windows and Linux cannot run the same application binaries because the two systems are not designed in the same way. However, there are some ways to run programs for Microsoft Windows on Linux using compatibility layers, emulators and virtual machines. If you need or want to run an application designed for Microsoft Windows on Linux, you might want to check out the following:
  • WINE
  • Crossover Products
  • Win4Lin
  • VMWare
What does GNU/Linux refer to?
GNU/Linux is the name Richard Stallman, founder of the Free Software Foundation and the GNU project, and its supporters prefer over just Linux. They cite the fact that Linux could not have come into being without tools from the GNU project. Though this is true, use and custom have favored just Linux over GNU/Linux in the public consciousness. This website's use of the term Linux in no way tries to minimize the contributions of the Free Software Foundation. We feel that it's easier for people to identify the operating system by that simpler name and in the end, that helps in its adoption.

Is Linux a company?
There is no company called Linux. Linux is an operating system. There are many companies that develop Linux products and provide services based on Linux, but there is not one called Linux that "controls" the operating system.

Can I buy stock in Linux?
As we mentioned in the previous answer, there is no company called "Linux", so there can't be any stock in a non-existent company. However, several companies are publicly traded who do provide Linux products and services. Here are a few that directly produce the Linux operating system.
  • Novell (Symbol: NOVL)
  • Red Hat (Symbol: RHAT)
Companies like IBM and Hewlett-Packard have also put tremendous support behind Linux and they are publicly traded.

Who is SCO?
SCO, or officially The SCO Group, is the latest incarnation of what was founded as Caldera, formerly a Linux distribution company. In 2000, Caldera bought the Unix division of a company known as the Santa Cruz Operation (or SCO) and apparently acquired some rights to distribute the Unix operating system. New management took over at Caldera in 2002, and in early 2003 members of this new management team decided to abandon development of their Linux distribution and, in a remarkable about-face, filed suit against IBM, alleging that the computing giant had put Unix technology, which SCO claims it controls, into the Linux kernel in violation of contractual obligations. Shortly after the suit was filed, Caldera officially changed its name to The SCO Group and is popularly known as SCO. This has since blown up into a huge controversy. For more information, see our page dedicated to the SCO case.

Does SCO own Linux?
They would like you to believe that they do. They will even sell you a Linux license under the threat that if you don't, they could sue you. However, we believe this is a lot like a paternity suit, just a bit more complicated.

4/09/2007

How Does Secure Sockets Layer (SSL) Work?

The Secure Sockets Layer, SSL for short, is a protocol by which many services that communicate over the Internet can do so in a secure fashion. Before we discuss how SSL works and what kinds of security it provides, let us first see what happens without SSL.

Life on the Internet without SSL
Let us make an analogy between communications between computers on the Internet and communications between people over the telephone. Without SSL, your computer-to-computer communications suffer from the same security problems from which your telephone communications suffer:
  • Who are you talking to? In a phone conversation, how can you be sure that the person who picks up the phone at the other end is really the person you are trying to call (especially if you have never spoken to them before)? What if your phone call was intercepted or re-routed, or what if someone else is answering your call recipient's phone? There really is no way to be sure you have reached the right person, especially if they are trying to fool you.
  • Eavesdropping. As you know from television and books, it is very easy to tap phone lines: the police and spies do this all the time to covertly gather information. It is not easy to detect if your lines are tapped. The same applies to communications over the Internet: how can you be sure that your communications are not being "tapped" and recorded?
This results in two very real security issues for communications over the Internet: 1. knowing for sure that you are connecting to the right computers (i.e. those at your bank and not those at a hacker's or phisher's web site), and 2. knowing that your data is safe from prying eyes during transit to those computers. This is where SSL comes in.

Enter the Secure Sockets Layer (SSL)
To solve these problems to a large degree, most Internet services support use of SSL as a mechanism for securing communications. To illustrate how SSL works, let us use another analogy.
Client wants to communicate with Company to send important information back and forth. Client wants to be 100% sure that s/he is communicating with Company and that no one can eavesdrop on the communications. How can s/he do this?
  • Client sends a courier to the Company's address.
  • The company has envelopes that, when closed, can only be opened by the company. The company and the courier go together to a trusted third party - a notary - which makes the company provide documentation to prove its identity. The notary certifies the company's secure envelopes and the courier takes these back to the client.
  • The client gets the envelopes and, if it trusts the notary's reputation, can be sure that they are actually from the company indicated.
  • The client also has secure envelopes that, once sealed, only the client can open. It puts some of these in one of the company's secure envelopes and sends them back to the company.
  • The company gets the sealed secure envelope. It opens the envelope (as only it can). It now has the client's secure envelopes.
  • The company has another kind of envelope that can be opened and sealed only by using a special combination. The company puts this special envelope with the combination lock, together with the combination, into one of the client's secure envelopes. The company seals the envelope.
  • The company has another type of secure envelope that anyone can open, but which only the company can seal. If you open one of these sealed envelopes, you know for sure that it was sent by the company. The company puts the whole package inside this and sends it to the client.
  • When the client gets the secure envelope, it opens it and thus knows that it came from the company. It then opens the next secure envelope inside that can only be opened by the client. Inside it gets out the combination-envelope and the combination itself.
  • The client then puts his data in the combination envelope, seals it and sends it to the company.
  • The company receives it, opens it, and puts the response in the same secure envelope and sends it back.
  • The procedure is repeated as often as necessary for required communications.
SSL relies on the concept of "public key cryptography" to accomplish these tasks. In normal encryption, the two parties communicating share a "password" and that password is used to both encrypt and decrypt messages. While this is fast and efficient, how do you communicate passwords to people you have not yet met in a way that is itself secure?
In "public key cryptography", each person has two keys - a "public" key and a "private" key. Anything encrypted with the user's public key can only be decrypted with the private key and vice versa. Each person then tells the world what his public key is and keeps his private key safe and secure, and private.
If John sends Mary a message encrypted with Mary's public key, then only Mary can open it, as only she has her private key. This is like an envelope that anyone can seal but which only Mary can open.
If John sends Mary a message encrypted with John's private key, then anyone can open it, as everyone has access to John's public key. However, successfully opening the message proves that it was sent by John and no one else, as only John has access to his private key. This is like an envelope that only John can seal, but which anyone can open and thus prove that John sealed it.

SSL in Action
So, lets see how SSL actually works for securing your communications over the Internet. Before the communications occur, the following takes place:
  • Company wishes to secure communications to their server company.com.
  • They create a public and private key pair for company.com. (The public half, packaged together with the company's name and signed by a trusted third party as described next, is what becomes the "certificate".)
  • They go to a "Trusted" third party company such as Thawte or Verisign: Thawte makes Company prove its identity and right to use the company.com domain. This usually involves a lot of paperwork and paying a hefty fee.
  • Once the verification is complete, Thawte issues Company a certificate: Company's public key plus some additional information stating that this public key is for Company and company.com and that this has been verified by Thawte. Thawte signs this certification information with its own private key... we will see why below.
Then, when Client wishes to communicate with Company at company.com,
  • Client makes a connection to company.com with its computer. This connection is made to a special "port" on company.com that is set up for SSL communications only (for secure web pages, HTTPS, this is TCP port 443).
  • When Client connects to company.com on its SSL-secured port, Company sends back its certificate (its public key together with the signed certification information).
  • Client gets the certificate and decides if it is OK...
1. If the certificate has expired, this could be a problem.
2. If the certificate claims to be for some domain that is not company.com, that could be a problem.
3. Client has the public keys for Thawte (and many other third party companies) stored in its computer, because these come with the computer or the browser (the "trusted root" store). Using Thawte's public key, Client checks Thawte's signature over the certification information: a valid signature proves the certificate was issued by Thawte and has not been altered since. If Client trusts Thawte, then Client can trust that he/she is really communicating with Company. If Client doesn't trust Thawte, or whatever third party company is actually being used, then the identity of whoever is running the computers Client is connecting to is suspect.
  • If Client decides to trust the certificate, Client generates a random "password" (the pre-master secret), encrypts it with Company's public key taken from the certificate, and sends it to Company. (Client does not send a public key of its own unless Company has asked it to prove its identity with a client certificate, which ordinary web sites do not.)
  • Company decrypts the password with its private key. Only the holder of that private key can do this, so Company's ability to carry on the conversation proves that it really is the party the certificate was issued to, and the password was never exposed in transit.
  • Both sides derive the same session keys from that password, and Client starts communicating with Company by encrypting data using them. Normal "symmetric" (password-based) encryption takes place from this point forward because it is much faster than using the public and private keys for everything. The public and private keys were needed to let Company prove its identity and its right to company.com, and to get the password to Company safely. (Note that in the real protocol it is the client, not the company, that picks the combination; the envelope story above simplifies this.)
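A runnable model of the sequence above, added here as an illustration and not part of the original article: textbook RSA on two fixed Mersenne primes (no padding, keys far too small for real use), a "certificate" that is just the server's name and public key signed by a CA, the client's name, issuer and signature checks, and the client-chosen secret sealed with the server's public key so that both sides end up with the same session key. The names "Toy CA", "Rogue CA" and "company.com", the trust store contents and the choice of primes are all assumptions made for the demonstration.

```python
"""Toy model of the SSL certificate check and RSA key exchange described above.
Textbook RSA on fixed small primes, hash-then-sign signatures and a hostname check;
no padding, no expiry dates, no certificate chains, no revocation. Illustration only."""
import hashlib
import json
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e), private key (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # pow(e, -1, m) needs Python 3.8+


def encrypt(pub, m):
    """Seal with the public key: only the matching private key can open it."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def _digest(data, n):
    # Hash first, then reduce mod n so the number fits the toy key size.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    """Seal with the private key: anyone can open it, which proves who sealed it."""
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def cert_body(subject, pub):
    """What the CA actually signs: the identity bound to the public key."""
    return json.dumps({"subject": subject, "n": pub[0], "e": pub[1]},
                      sort_keys=True).encode()


def issue_cert(ca_name, ca_priv, subject, subject_pub):
    """The CA's "certification information": identity, key, issuer, signature."""
    return {"subject": subject, "pub": subject_pub, "issuer": ca_name,
            "sig": sign(ca_priv, cert_body(subject, subject_pub))}


def check_cert(cert, hostname, trust_store):
    """The client's checks: right name, trusted issuer, signature intact."""
    if cert["subject"] != hostname:
        return False, "domain name mismatch"
    ca_pub = trust_store.get(cert["issuer"])
    if ca_pub is None:
        return False, "non trusted certificate (unknown issuer)"
    if not verify(ca_pub, cert_body(cert["subject"], cert["pub"]), cert["sig"]):
        return False, "bad signature (certificate altered or forged)"
    return True, "ok"


def _session_key(premaster):
    # Both sides derive the symmetric key from the shared secret the same way.
    return hashlib.sha256(premaster.to_bytes(32, "big")).digest()


def client_key_exchange(cert, hostname, trust_store):
    """Client side: validate the certificate, then pick and seal the secret."""
    ok, reason = check_cert(cert, hostname, trust_store)
    if not ok:
        raise ValueError(reason)
    n, _ = cert["pub"]
    premaster = secrets.randbelow(n - 2) + 1          # the client picks the secret
    return encrypt(cert["pub"], premaster), _session_key(premaster)


def server_key_exchange(server_priv, sealed):
    """Server side: only the private key opens the sealed secret."""
    return _session_key(decrypt(server_priv, sealed))


# Constructed keys from Mersenne primes (2^31-1, 2^61-1, 2^89-1, 2^107-1): far
# too small to be secure, large enough to run the protocol end to end.
M31, M61, M89, M107 = (1 << 31) - 1, (1 << 61) - 1, (1 << 89) - 1, (1 << 107) - 1
CA_PUB, CA_PRIV = make_keypair(M31, M61)
SERVER_PUB, SERVER_PRIV = make_keypair(M89, M107)
ROGUE_PUB, ROGUE_PRIV = make_keypair(M61, M89)        # a CA nobody trusts
TRUST_STORE = {"Toy CA": CA_PUB}                       # what "comes with the computer"
GOOD_CERT = issue_cert("Toy CA", CA_PRIV, "company.com", SERVER_PUB)
ROGUE_CERT = issue_cert("Rogue CA", ROGUE_PRIV, "company.com", SERVER_PUB)


def run_handshake(cert=GOOD_CERT, hostname="company.com"):
    """True when client and server end up holding the same session key."""
    sealed, client_key = client_key_exchange(cert, hostname, TRUST_STORE)
    return client_key == server_key_exchange(SERVER_PRIV, sealed)


if __name__ == "__main__":
    print("handshake with valid certificate:", run_handshake())
    print("wrong host:", check_cert(GOOD_CERT, "evil.example", TRUST_STORE))
    print("untrusted issuer:", check_cert(ROGUE_CERT, "company.com", TRUST_STORE))
```

The two failure cases printed at the end are the "domain name mismatch" and "non trusted certificate" warnings a browser shows, and a certificate whose subject has been edited after issue fails the signature check even though the name now matches. Note that the same RSA operation does both jobs: run with the public key it gives confidentiality (the sealed secret), run with the private key it gives authenticity (the CA's signature), which is the distinction the John and Mary example draws.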
So, Are there Limitations to This Process?
This all sounds great - what are the down sides? There are a few.
Key Length: The statement that "only someone with the private key can decrypt something encrypted with the public key" is true so long as the private key cannot be recovered. Two different key sizes matter here. The "40bit" and "128bit" figures you see quoted are the size of the symmetric session key (the "password") negotiated by the handshake: 40-bit keys, once mandated for export versions of browsers, can be broken by trying every possible key if one has access to substantial computing resources and some time, whereas there are so many possible 128-bit keys that trying them all would take far longer than the age of the universe. The public and private key pair in the certificate is much longer (1024 bits or more at the time of writing) because it is attacked differently, by factoring the public modulus rather than by guessing, and a key that is too short would let an attacker derive the private key and impersonate the site.
Trust: While use of SSL ensures that your communications cannot be read in transit, it comes down to trust to ensure that you are actually communicating with your intended company. This is reflected in the validation of company.com and in your trust of the third party organization. Some "secure sites" do not bother to get a third party's approval and sign their keys themselves (a "self-signed certificate"). Others use third parties that are almost free and which spend very little effort validating the company. In these cases, SSL provides you with no real assurance that you are really talking to your intended company and not some hacker forging their identity, while you carry on believing the connection is safe.
For defensive use of the web, you should pay attention to the warnings generated by SSL when you connect to secure sites. Such warnings include "expired certificates", "domain name mismatches", where the domain name in the certificate presented by the company is different from the one to which you are connecting, and "non trusted certificates", where the certificate (public key) presented by the company was not validated by a third party that your computer trusts. In all of these cases, you should be wary.