Thursday, September 20, 2012

Steve Wozniak and Steve Jobs hacked the Telephone Network with their Blue Box. Is it still possible with the existence of SS7

Hacking with Blue Box the History
The operation of a blue box is simple: First, the user places a long distance telephone call, usually to an 800 number or some other non-supervising phone number. For the most part, anything going beyond 50 miles would go over a trunk type susceptible to this technique.
When the call starts to ring, the caller uses the blue box to send a 2600 Hz tone (or 2600+2400 Hz on many international trunks followed by a 2400 Hz tone). The 2600 Hz is a supervisory signal, because it indicates the status of a trunk; on hook (tone) or off-hook (no tone). By playing this tone, you are convincing the far end of the connection that you've hung up and it should wait. When the tone stops, the trunk will go off-hook and on-hook (known as a supervision flash), making a "Ka-Cheep" noise, followed by silence. This is the far end of the connection signalling to the near end that it is now waiting for routing digits.
Once the far end sends the supervision flash, the user would use the blue box to dial a "Key Pulse" or "KP", the tone that starts a routing digit sequence, followed by either a telephone number or one of the numerous special codes that were used internally by the telephone company, then finished up with a "Start" or "ST" tone. At this point, the far end of the connection would route the call the way you told it, while the users end would think you were still ringing at the original number. KP1 is generally used for domestic dialing where KP2 would be for international calls. (wikipedia). The Fifteen Greatest Hacking Exploits

 SCCP hacking, attacking the SS7 and SIGTRAN applications

Introduction to Switching systems
Stored Program Controlled (SPC) Telephone Exchanges
Mobicents SS7 Stack
Introduction to BSS (Business Support Subsystem)

Friday, September 7, 2012

Architecture Lessons by Ingo Rammer

#1 - Don't follow others!
#2 - People affect architecture
#3 - Good for me or for the project
#4 - Research vs. Development
#5 - Be wary of The Second System
#6 - Some things need to be discussed, others need to be done
#7 - Build what people pay you to build
#8 - Always observe problem complexity vs. solution complexity
#9 - Make it simpler. If the solution appear too complex, it quite likely is
#10 - Most of us don't need Ebay/Amazon/Google/Bing Scale
#11 - Code is written to be read
#12 - Don't think about solutions before understanding the problem
#13 - When in doubt, pick the technology you know
#14 - There is no silver bullet
#15 - There is no good idea which can't be used in a totally wrong way
#16 - Shipping is a feature!

See the presentation here.

Saturday, August 18, 2012

Web Performance Pixie Dust

This is one nice article I read about Web Performance. Summery of the article is as below. 

Web Performance must become a priority from Top to Bottom, and vice versa. Performance monitoring is a journey, not a destination, similar to continuous build and agile dev! Yes it’s about great user experience, but ultimately it’s about the bottom line! (Slow Performance is the Silent Killer, the New Downtime - 2010!)
Items which can impact performance:
  • Datacenter(s): Location, Location Location!
  • Network(s), Latency & Geography
  • Hardware (servers, load balancers, network…)
  • DNS
  • CDN & CDN Configuration (just caught 2 cdns one using http 1.0 Close Connection and the other not compressing)
  • Proper Capacity Planning
  • Application (web, databases, frameworks…)
  • Code
  • 3rd Parties
  • Smart and efficient use of Hardware
  • Engineers + Ops working in sync
  • Web Performance Team (EVEN if it’s one person)
  • NOC or Site Reliability guys, the Watchdogs
  • Finally, the “Executive Team” that's making sure all of the above elements are receiving the proper resources and support, with the ultimate goal of getting your company headed towards a great user experience and level of performance
Read the whole article:

Sunday, May 20, 2012

Sharepoint Alfresco and Liferay

Liferay, Sharepoint and Alfresco are considered as Enterprise Content Management Systems or ECMs which in essence support Document Management, Web Content Management, Workflow, Enterprise Collaboration, Advanced Search and Administration. However Liferay is in contrast more powerful on its Extensibility and Integration points while others are more forcused towards content collaboration. By integrating Liferay with Sharepoint or Alfresco an enterprise can create a mature editorial process management solution with advance visual content presentation capabilities. Liferay from version 6.1 support this idea by introducing the Content Management Interoperability Services or CMIS interface and OAuth and Open Social Portlet.

For example the enterprise product catalogs, Articles, Newsletters and Video etc. content authoring and collaboration can be done through Sharepoint/Alfresco while web presentation is done through Liferay.

Hippo CMS and Nuxeo ECM are the other content management systems which can be integrated with Liferay. Hippo uses JSR-286  Web Services Remort Portlet WSRP feature to integrate with Liferay while Nuxeo uses CMIS and OpenSocial for the integration. The reference section has links for Liferay Blog posts which explains on how to integrate Twitter Gadjet to a users private page using OAuth and Open Social and how to integrate Alfresco in Liferay using CMIS.

Liferay's Enterprise Portal 6.1 Supports CMIS, Integrates Enterprise CMS Document Repositories
Open Source Alternatives To Microsoft SharePoint
Liferay + CMIS: do not expect too much
Content Management Interoperability Services
Liferay CMIS Repository - Wiki
Liferay Sharepoint - User Guide
Integrating Twitter Gadget in Liferay
Integrating Alfresco 3.4 in Liferay 6.1 via CMIS 1.0