Wikipedia:Reference desk/Archives/Computing/2008 April 16

= April 16 =

what was that filesystem bit called? stupid bit?
I have a vague recollection of reading about this filesystem bit from bygone days of computing. It was a filesystem attribute which did something annoying. Keep the file from being copyable, or executable, or readable, or something, I forget. To bypass the restriction, anyone with the right know-how could simply toggle that bit. I believe it was for an old Macintosh or maybe even Apple II operating system, but I'm not sure. And it had some cute name like "the stupid bit" or "the dumb bit". I may have read about it in a recent John Siracuse Mac OS X review, but if so, I can no longer find it.

Does anyone know what the heck I'm talking about? Thanks -lethe talk [ +] 02:36, 16 April 2008 (UTC)


 * I don't know my  DOS has the Archive bit, which was supposed to be used to be cleared upon writing, so you can tell if the file needed to be backed up.  Old Unix machines had a Sticky bit, which was used to tell the computer to try to keep the code in memory.  It has different uses today.  I don't see anything at Apple ProDOS, Apple DOS, or Hierarchical File System but you might look at Category:Disk_file_systems.  Also, the old Zip disk didn't have a physical write-protect system, so you could unprotect a disk without the user's intervention. --Mdwyer (talk) 03:55, 16 April 2008 (UTC)


 * Check out this link. I guess this is what I was thinking of?  "The Bozo bit".


 * "My first encounter with a Bozo bit was in the Mac Resource Fork contents, described in Inside Macintosh for the 128K Mac. The rumor then was that it identified MS code, although Multiplan (the first wysiwyg spreadsheet) was not yet out. I had always assumed that was its origin -- does it go back further?


 * The BOZO bit you're talking about was a rather lame attempt at copy protection. Utilities that copied files were supposed to check to see if this bit was set; if so, the utility should refuse to copy the file. It took nanoseconds for someone to write a utility that ignored the BOZO bit. This sounds like the same thing as the Broadcast Flag?."


 * I don't know where I would have heard of that though... -lethe talk [ +] 08:05, 16 April 2008 (UTC)

non-wiki contributions (2)
Earlier I asked what website solutions, other than wikis, exist that enable users of a site to add content such as answer and post questions? Thanks to everyone who answered, but I think you get the wrong end of the stick. What I meant was software solutions, hopefully opened source, like the software behind yahoo answers etc or a clone of it. —Preceding unsigned comment added by Mr nibble (talk • contribs) 08:54, 16 April 2008 (UTC)

If you are into blogging, WordPress could be just right for you. There is also a good list of CMS at the English Wikipedia. If you have a bit of time, why not play around in List of content management systems? You should be able to set up blogs and anyone will be able to answer your questions via the comments feature. I hope it helps. Kushal 20:46, 16 April 2008 (UTC)

Skype problem
A friend of mine installed Skype (in Cambridge in the UK) but when I call her (from Birmingham in the UK) I often hear two rings followed by the engaged signal. When I do get through she says the phone didn't ring earlier and she wasn't using it. Now other people report the same problem and it also happens with someone else in her office who has a separate Skype number. Does anyone know if this is a common problem with Skype or might they have set it up wrong?--Shantavira|feed me 10:37, 16 April 2008 (UTC)

Thomaso.mirodin (talk) 13:54, 18 April 2008 (UTC)
 * "When in doubt, reinstall" My first suggestion would be to reinstall on both ends, and if that doesn't work it is probably either your ISP or Skype.

Smart card questions
I have been researching and experimenting with PKI under Linux and I have a few questions about storing private keys and identity certificates on smart cards.


 * I've read that some smart cards can perform RSA, etc., functions on the card. Does this mean they can store private keys encrypted on the card which are decrypted on the fly with the PIN when the private key is needed? This seems more secure than relying on tamper-resistant designs to try and secure a unencrypted key in memory.


 * I've read that SIM cards and smart cards are basically the same thing, but different physical form factors. Can you buy blank SIM cards to store certs on like blank smart cards? Can they be read with a normal SIM card reader like a smart card reader? I really like the smaller form factor, which could be hole punched and put on a key ring instead of in a wallet.

Thanks for any input! 66.75.102.95 (talk) 11:00, 16 April 2008 (UTC)


 * Let's start with some generalities. A smartcard contains a so-called module (the chip with the metal contacts on top). There are a variety of card form factors but the modules follow the same spec. The module communicates with the reader using a serial link. ISO/IEC 7816 describes this interface. This includes the mechanical and electrical specifications, the properties of the serial link and the base communication protocol. What this means is that any reader can read any card and obtain basic info on the card.
 * What make them different is the high-level application protocol spoken by the card. Each application (GSM SIM, banking cards (EMV), telephone cards, etc...) defines such a protocol. To give an example a GSM operator will buy a module (see for an example of a manufacturer) and write the custom software that runs on it. If the software speaks the GSM SIM protocol, you have a SIM card. Of course the same chip can support several protocols at the same time.
 * A card needs some software that speaks one of these protocols. In principle you can write this software yourself, thus giving you total flexibility. The most common languages for this are C, assembly and java. Of course devising a message protocol, writing the software on the card and on the reader is a huge undertaking and is rarely needed.
 * In the case of crypto applications, there already is a relevant application standard (ISO/IEC 7816-8). All you have to do is buy a card that follows this standard (it will include crypto hardware and the necessary software). See for an example. You then use a standard API (PKCS11/PC/SC) on the computer linked to the reader to communicate with the card.
 * This API gives you access to the crypto primitives offered by the card (store key, generate key pair, encrypt, decrypt). You can also store arbitrary data on the card, although storage is usually severely limited. Using the API, you can build a variety of authentication schemes, including schemes using PINs. Although to come back to your particular example, I wouldn't worry about keys leaking from the card. They really are secure. This API allows you to give smartcard support to custom applications. Note that many apps (like firefox for example) already have this support.
 * On linux there is a project that provides an implementation of PKCS11 along with drivers for a variety of cards and card readers. They also offer some ready-made applications built on top of it, like PAM integration for example. Morana (talk) 07:22, 17 April 2008 (UTC)


 * Wow, thanks for sharing your knowledge. They way you described the application and protocols finally answered what makes a smart card a SIM card, or a bank card, or whatever, which I've been wondering about for the last fews days. I have some more questions, if you would be so kind:
 * I understand the some smart cards can perform cryptological functions on board, such as generating keys and using those keys to sign or encrypt data. Does that mean that to encrypt or sign a chunk of data, it must all pass through the card smart card? That seems secure, but if it's a large amount of data, wouldn't the speed and communication channel bandwidth depend entirely on the smart card's capabilities?
 * For encryption, a combination of symmetric and public key cryptography is usually used. i.e. to encrypt an email you first generate a random key ($$k_t$$), encrypt the email with $$k_t$$ using a symmetric cipher, encrypt $$k_t$$ with the public key and attach the encrypted key to the message. When decrypting, you first decrypt $$k_t$$ with the private key then decrypt the message with $$k_t$$ using the symmetric cipher. The smartcard is only used to decrypt the symmetric key, which is only a few bytes long.
 * Cool, that makes a lot more sense. Similar to how full drive encryption encrypts a secondary key with your private key/passphrase so if you want to change your key or passphrase, you don't have to decrypt and re-encrypt the entire drive, just the secondary key. -- Eric —Preceding unsigned comment added by 70.2.178.61 (talk) 20:16, 17 April 2008 (UTC)
 * For signing, a hash of the message is taken, encrypted with the private key and attached to the message. To check the signature, the encrypted hash is decrypted using the public key. A hash of the received message is computed and the two hashes are compared. If they match, the message has not been altered and the signature is valid. The smartcard only has to encrypt the hash (also only a few bytes long). Morana (talk) 10:02, 17 April 2008 (UTC)
 * I know the smart card modules have a lot of tamper-resistant designs and engineering put in to them, but I've also read about many ways with enough motivation and resources (we're talking NSA level) how to defeat most of them. I don't want to seem paranoid, but that's why I was wondering if private keys are actually encrypted with a PIN-passphrase not stored anywhere on the card.
 * Thanks again! -- Eric 66.75.102.95 (talk) 08:11, 17 April 2008 (UTC)

Office transfer
When I bought a new DakTech computer in 2005, I also bought Microsoft Office 2003 Professional (student discount :-) and installed it, and have used it since; I still have the installation CDs. Since this computer is failing somewhat, I bought a new computer this month: an HP with Vista. My ideal is to install Office on the HP before uninstalling it on the DakTech, since I always have schoolwork that needs to be done in Office. What procedure do I have to follow? Say, do I have to get a new installation code or something like that? I don't remember anything of the process for installation from three years ago, except that I used the installation CDs. Nyttend (talk) 13:36, 16 April 2008 (UTC)


 * Install it using the instructions that came with it. Use the installation code that came with the disks.  If it fails (license in use), you will get a phone number you can call.  Call and explain that you are removing it from one PC and putting it on anther.  You will be asked if you are definitely removing it from the old computer.  Say yes and you'll get the license activated for the new computer. --  k a i n a w &trade; 15:17, 16 April 2008 (UTC)

Software Configuration Management Tools - A Matrex for Comparing Vendors' Products?
Can you find a 'Product Comparison Matrex' of major Software Configuration Management Tools so I can easily see strengths/weaknesses of the various products?Ckdavis (talk) 16:31, 16 April 2008 (UTC)Keith


 * See Comparison of revision control software. -- k a i n a w &trade; 19:19, 16 April 2008 (UTC)


 * And, in case you want to try a search engine, I should point out that it's spelled "matrix". Google, however, may very well fix your spelling for you. StuRat (talk) 15:43, 17 April 2008 (UTC)

Thanks for the terrific find, User:Kainaw. --Ckdavis (talk) 15:50, 17 April 2008 (UTC)

Virus activated by a phone call?
In the season three of the TV series 24, Nina Myers tricks Jack Bauer into dialing a phone number and entering a series of number after the ring tone (I think it was the busy signal, but she tells him not to hang up and keep entering the numbers). It activates a computer virus in the CTU system which Myers had secretly implanted. I wonder if such a thing is actually possible in the current technology or was just a sci-fi prop. --BorgQueen (talk) 17:06, 16 April 2008 (UTC)
 * Reproducing that effect is indeed technically possible. In fact, the virus has to be already in the system, activated (but lying benign) and running to monitor incoming calls. Once the call from a pre-defined number arrives, or an activation code entered, the virus starts its destructive behavior. --soum talk 17:30, 16 April 2008 (UTC)
 * That's very interesting. Thanks for the reply. --BorgQueen (talk) 19:25, 16 April 2008 (UTC)
 * I guess the phone's planted to a modem of some sort, and the malware app is so coded that it can activate on ring. The virus had to be planted in the system.

Codasyl database
An academic database maintains different information about:students departments, courses, and tutors. Each student assigned to a particular course and has one tutor. A tutor for a number of students to tutees. Each course operates in one of the 5 departments within the college. And each department runs many courses. The system also records previous qualifications obtained by students. Question: a)Draw a Codasyl Schema to reflect the information held in the academic database. b)Draw a diagram to illustrate an owner and its member records in the academic database.Halaangel (talk) 19:54, 16 April 2008 (UTC)


 * Answer 1) Take the time to read the information at the top of the page which states that we will NOT do your homework for you, 2) Representation of this concept: RDeditors + Homework <> Success -- LarryMac  | Talk  20:16, 16 April 2008 (UTC)


 * Codasyl? Yikes your school is... old school.  Good luck!  --90.209.36.146 (talk) 20:25, 16 April 2008 (UTC)

Registry
Hi

I deleted some unuseful keys from the registry editor, I deleted them this way,by clicking on the key and from the edit menu I chose delete, but the next day they showed up again. Can someone please help me how to delete them temporary.

Thanks

T Cauchi —Preceding unsigned comment added by 195.158.126.187 (talk) 21:19, 16 April 2008 (UTC)
 * Deleting random keys from the Registry editor is a bad idea. As for how they came back, some program you use (or Windows itself) is putting them back. Which probably means they aren't as "unuseful" as you think they are. If you meddle with your registry enough, you can completely crash Windows. Don't do it! --Captain Ref Desk (talk) 00:19, 17 April 2008 (UTC)


 * If you absolutely, positively, at the penalty of death, need to find out what program is modifying the registry keys, you can use something like Process Monitor, but the Good Captain is correct, stay out of the registry! 83.250.207.154 (talk) 06:45, 17 April 2008 (UTC)