Hutan Lindungi Bumi

2007-11-19T00:31:00.000-08:00

31- 36 [Tech Info] This section introduces the latest ICT technologies related to your fields of interests: project management, network security, application development methodologies, and so forth by OIC - JICA.

31. UTM : New generation network protection
32. Performance-Maintenance Theory in Leadership
33. USB 3.0, the new standard of USB
34. The Next Standard Coming After 10G-Ethernet
35. Zend Framework for PHP
36. The Trend of Computer Viruses

----------------------------------------------------------------------
31. [Tech Info] UTM : New generation network protection
----------------------------------------------------------------------

Is your organization network protected by a firewall? A firewall is
definitely necessary security equipment for protecting an organization
network. Firewall technology has developed further more into a new
technology called UTM (United Threat Management).

[What is UTM?]
In 1990s, introduction of firewall was a main security
countermeasure, and various types of firewall products were
developed. When a firewall was firstly developed, main purpose of it
was access control between different networks to prevent
unauthorized intrusion. As threats became more complicated in
accordance with the explosive spread of the Internet, IDS (Intrusion
Detection System) and gateway-type Anti-Virus software were
introduced. But those were separately developed by venders. If these
solutions can be unified, users get benefit, like easy management,
less cost, etc. Now, there comes a user's need to unite security
products. The united security products are called UTM.

[Merit of UTM]
In addition to firewall function, a UTM product has functions of
IDS, Anti-Virus, URL filtering and Anti-spam. UTM provides all of
these functions on a single platform. A merit of UTM is elimination
of system complication (no need to consider compatibility), easy set
up, low management cost, easy troubleshooting and so on.

[Available UTM products]
There are three types of venders who currently provide UTM
products. (a) firewall venders, such as "Check Point Software
Technologies Ltd," (b) Anti-Virus venders, such as "Symantec
Corporation," (c) venders who targets UTM from the beginning, such
as "Fortinet Inc." (a)'s UTM products have advantage in firewall
functions (access control is fast, abundant items can be specified
to filter, etc). (b)'s UTM products have advantages in Anti-Virus
functions (many virus definition patterns, capability to deal with
unknown viruses). When you choose a UTM product, it is important to
take your organization's budget, scale, facing security problems,
etc. into account.

[Considerations about UTM]
When you introduce UTM products, you should consider the
following. First thing is redundancy. If a UTM gets down, entire
network will be isolated, because every security function is united
in a UTM product. Therefore, it is important to consider redundancy
of UTM. Second one is performance. Since various functions are put
into a UTM, a load is heavy and high performance is required. Due to
this limitation, current market mainly targets middle or small scale
organizations whose budget and human resources are limited. Large
scale organizations hesitate to introduce UTM and continue to use
different specific servers for each function. Now venders are in a
hurry to develop a UTM product with high performance and redundancy.

If your organization has not introduced a firewall yet or is annoyed
with complicated threats which your firewall cannot block, why don't
you consider introducing a UTM product? But don't forget the points
above!

----------------------------------------------------------------------
32. [Tech Info] Performance-Maintenance Theory in Leadership
----------------------------------------------------------------------

In OIC, you learned "Leadership". Do you exercise leadership skills?
Today I would like to introduce one of leadership theories called
"Performance-Maintenance theory", or "PM theory" in short.

PM theory, proposed by Dr. MISUMI Jyuji in 1984, focuses on two major
abilities in leadership. One is "Performance", ability to improve
productivity; the other is "Maintenance", ability to build teamwork or
good human relation. In this theory, we represent high ability using
capital letters (P and M) and low ability using small letters (p and
m). There are four combination patterns: PM, Pm, pM and pm, each of
which is characterized below:

PM: able to achieve results and build a good team (ideal leadership)
Pm: able to achieve results but lose trust of members, or members
are exhausted
pM: able to get members confidence but not able to achieve results
pm: neither able to get members confidence nor bring results (not a
qualified leader)

When you focus on communication or motivation in a team, the order of
effectiveness of leadership style is: PM > pM > Pm > pm (PM is the
highest, pm is the lowest).

When you focus on performance or results in the short term, the order
is
PM > Pm > pM > pm.

However if you see it in the long term, the order is PM > pM > Pm > pm.

Therefore you should give not only whipping, but also make
consideration to members' feelings.

There are some tips to improve these abilities. To improve
"Performance" ability, you should

- set up clear objectives and action plan,
- give specific orders not vague orders, and
- utilize PDCA cycle (Plan, Do, Check, Act) You learned these skills
through OIC subject "action plan".

To improve "Maintenance" ability, you should
- use coaching skills (pacing, acknowledgement etc.), and
- use facilitation skills and make members commit to their job

PM type is always the best. Please take good balance between
"Performance" and "Maintenance" to get the fruitful outcome.

----------------------------------------------------------------------
33. [Tech Info] USB 3.0, the new standard of USB
----------------------------------------------------------------------

How many USB(Universal Serial Bus) devices do you have? I guess you
have a lot. Nowadays USB becomes very popular interface of PC. For
example, you can copy files with USB flash memory. You can transfer
digital camera data by USB cable. You can even charge an iPod battery
through USB port.

The current version of USB interface is 2.0 and it is called "High
speed USB." Its transfer speed is 480Mbps. Suppose you transfer 60MB
file, it takes one second, and theoretically ten seconds for copying
full data of a CD-ROM. And it has a function called "PLUG & PLAY"
which makes it possible to work immediately after connecting a device
using USB.

The "USB 3.0 Promoter Group" was formed with Intel, Hewlet-Packard,
Microsoft, NEC, NXP Semiconductors and Texas Instruments. The group
aims to establish a new standard of USB, the "USB 3.0", called "Super
Speed USB."

The transfer speed of USB 3.0 will be ten times faster than current
USB. It will take only a second to transfer a full data of CD-ROM in
theory. USB 3.0 will maintain backward compatibility such as "PLUG &
PLAY" or Power-Supply function.

If you want to bring out full performance of USB 3.0 however, you need
both of PC which has USB 3.0 port and USB 3.0 devices.

For more information, please visit
http://www.intel.com/pressroom/archive/releases/20070918comp.htm

----------------------------------------------------------------------
34. [Tech Info] The Next Standard Coming After 10G-Ethernet
----------------------------------------------------------------------

"Ethernet" is a standard of data link layer originated in 1970's and
is under development/update in even today. Thanks to many people's
effort, now we can use 10G-Ethernet even in our usual LAN environment
(10G: 10 giga bits per second). For an average user, the speed of
"10G" is more than enough, but for ISPs (Internet Service Providers)
and server companies, "10G" is NOT enough. Now the IEEE802.3*
committee struggles to develop a new standard coming after
10G-Ethernet.

In July 2007, they mostly decided the specification and announced
it. I would like to introduce you such information briefly below.

* The IEEE 802.3: Working Group that develops standards for Ethernet
based LANs

Nowadays, people enjoy downloading files such as music, chatting with
moving pictures through the Internet. The traffic of the Internet has
been increasing drastically and ISPs and companies providing internet
servers strongly need much higher speed Ethernet. So far, 10G-Ethernet
has been mainly used for the ISP backbone network to connect network
devices and for the backplane network to connect multiple ISP servers,
especially, to connect among blade servers in the ISP. Until a few
years ago, "10G" was not so slow for such usage. But now the situation
has changed. ISPs and the server companies need to use higher speed
lines for themselves. ISPs need at least "100G" to increase line speed
in their backbone network, even if it takes much time to achieve
it. On the other hand, for server companies, it is not so good to wait
long time for "100G". They need to use higher speed lines than
10G-Ethernet as soon as possible, even if the speed will be slower
than "100G". So far, "two groups" have had many discussions to settle
down this issue.

Eventually, the IEEE802.3 committee almost has decided the next
standard coming after "10G-Ethernet". It will be standardized in
"IEEE802.3ba". (Don't confuse with "IEEE802.3ab".) The maximum speed
of the IEEE802.3ba is decided to both 100giga bit per second
(100G-Ethernet) and 40Giga bit per second (40G-Ethernet). According to
"the past rule", the speed would have been 100Giga bit per second. But
it is now clear that the technique of 100G-Ethernet including network
aggregation points would be the best suite for backbone network and
the technique of 40G-Ethenet, such as host bus interfaces, matches for
servers more than 100G-Ethernet.

The major characteristic of the 100G-Ethenet/40G-Ethernet is the
following.

A) 100G-Ethernet:
Maximum line speed: 100Giga bit per second
Maximum length between devices: 40 kilo meter
Main usage: To increase the speed of ISP's Backbone network

B) 40G-Ethernet
Maximum line speed: 40Giga bit per second
Maximum length between devices: 100 meter
Main usage: To connect among several blade servers for higher
data transmission.

We might see this new standard, 100G-/40G-Ethernet in 2010. After some
leading companies such as ISPs and server companies (vendor) implement
it to their systems, this new standard will be used in average users
such as governments and private companies.

The innovation of the new technologies will and should last forever.

For more information: http://www.ieee802.org/3/ba/index.html

----------------------------------------------------------------------
35. [Tech Info] Zend Framework for PHP
----------------------------------------------------------------------

Overview:

Zend Framework (ZF) is a Model-View-Controller (MVC) framework for
PHP5 developed by PHP Collaboration Project. Although there are some
PHP frameworks, e.g., Symfony, Mojavi, and Ethna, there is no standard
one like "Struts" in Java. Since the project is mainly supported by
Zend Technologies Ltd. who significantly encourages advancement of
both the PHP language and its community, ZF is expected to be a
standard framework and a best practice for PHP web application
development.

Advantages of Zend Framework:

- MVC Framework

ZF implements a Front Controller pattern in an object oriented
programming MVC framework. Since the framework will reduce
programmers' burden to control flow of programs, they will be able
to concentrate on a development of application parts. Besides, it
will make PHP code more reusable and maintainable by separating
business logic from user interface design.

In this framework, the front controller receives a user request, and
it is processed according to the following procedure using a class
library that is called "Component".

(Use a monospaced font to show this diagram normally.)

Front Controller
+------+ +--------------+
| | URL| +----------+ | +----------+ +-------+ +--------+
|Client|----->| Router | | | |<-->| Model |<-->|Database|
| | | +----------+ | | Action | +-------+ +--------+
| | | |Dispatcher|--->|Controller| +-------+
| | | +----------+ | | |<-->| View |
| | +--------------+ +----------+ +-------+
| | |
| |<--------------------------+
+------+ Response

1. A Router decomposes a URL to acquire an Action Controller name
and an Action name, and forwards them to a Dispatcher.

2. The dispatcher calls the action in the action controller based on
the received names.

3. The action retrieves data from database through a Model or calls
a View to display information on the client's browser.

- Database Support

ZF provides PDO-based components to simply access multiple brands of
RDBMS. Databases supported include IBM DB2, MySQL, Microsoft SQL
Server, Oracle, PostgreSQL, and SQLite. PDO (PHP Data Object) is a
database-independent object oriented interface. Please refer to the
News Letter Issue 028 to get further information on PDO.

- Useful Set of Components

ZF provides many components to develop common applications quickly,
easily, and securely. For example, solutions for email, session,
authentication, input validation, logging, and web service are
included. These components can be used and extended independently
due to loosely coupled design even if users don't use the MVC
framework.

- New BSD License

ZF is licensed under the business-friendly BSD License. It enables
users to include the framework code in their own commercial web
applications without any constraints on use.

Why don't we develop modern web applications and web services using
this powerful high-quality open-source framework after learning object
oriented programming in PHP5?

Zend Framework Web Site: http://www.zendframework.com/

How to Install:
http://www.zendframework.com/manual/en/introduction.installation.html

Guide for Quick Start:
http://www.zendframework.com/manual/en/zend.controller.html#zend.contr
oller.quickstart

Other Deliverables of PHP Collaboration Project:
-Zend Developer Zone: http://devzone.zend.com/public/view/
-Eclipse PDT project: http://www.eclipse.org/pdt/

----------------------------------------------------------------------
36. [Tech Info] The Trend of Computer Viruses
----------------------------------------------------------------------

What is current trend of computer virus like? Does your organization
take appropriate measures for it? Trend Micro Inc., announced trend
of computer virus of 2007 and forecast of 2008 in January. Let's
overview the contents.

Trend Micro Inc., in its 2007 annual report, has released the number
of infected cases, which was 63,726 in Japan. It decreased by 69
percent compared to 2006. The top 10 species of computer viruses
represented 4.5 percent in all reported number. In contrast, the top
10 species of virus occupied 68.3 percent in 2001.

In 2007, "Malware" (malicious software) has awfully spread. Malware as
typified by "Storm Worm" emerged in January 2007 is usually disguised
as e-mail attachment and spread widely. In addition, companies'
vulnerable web sites were abused to download malware automatically
such as "Fujacks".

How did crackers spread malware? Crackers used to exploit e-mail
attachment to lead users to the malicious website and let them
download malware. Since users noticed e-mail attachments were not
reliable, crackers switched to directly describe URL of the malicious
website in the many body of emails. Crackers also use document files
such as ".doc", that user frequently uses in daily life. This method
had been popular before, and it gained popularity again in 2007.
Moreover, new type of crime that cracker sells fake security software
which had no effective function and earn money has emerged. In
addition, since computer virus has spread via website, even Mac or
Linux has become targets of computer viruses. Not only OS but also
minor applications such as Japanese writing software were targets.

Summarizing 2007, it was the year of malware sophistication, cracker
used their brain to create new types of computer viruses. The number
of each virus spread was small, but the number of species was big. We
have learnt that viruses would infect computer via e-mail in most
cases, but this is not true any more.

In response to the trend of 2007, it is predicted that organizations'
web sites and particular application or OS will be targeted more in
2008, and cracker will combine existing infection methods, and make
sophisticated and complex of computer viruses.

Therefore, in order to prevent infection of sophisticated computer
virus, it is important for organizations to take not only fundamental
measure, such as updating the pattern file, but also to grasp current
situation, and review existing policies, conduct timely and clear
education to the end user. Conducting PDCA (Plan-Do-Check-Act) cycle
continuously and reviewing security policy would be vital issue.

References:
http://www.ipa.go.jp/security/english/virus/press/200701/E_PR200701.html
http://jp.trendmicro.com/jp/threat/security_news/monthlyreport/article/20080
108011916.html (Japanese Only)

2007-01-21T23:36:00.000-08:00

21- 30 [Tech Info] This section introduces the latest ICT technologies related to your fields of interests: project management, network security, application development methodologies, and so forth. OIC - JICA.

21. Beginning of ISO/IEC 27001 Certification
22. Hints for Effective Implementation of EA
23. Windows Vista features and .NET Framework 3.0
24. What Is NGN (Next Generation Network) ?25.phpDocumentor,the Art of Programming Documentor?
26. "Botnet" and latest information security measures
27. Approach to eHealth in Europe
28. The PHP Data Objects (PDO) with PHP 5.x
29. Introduction of Various Operating Systems
30. Coding Standard for PHP

----------------------------------------------------------------------
21. [Tech Info] Beginning of ISO/IEC 27001 Certification ----------------------------------------------------------------------

ISO/IEC 27001 is the international standard for the information security which defines the system to manage countermeasures for the information security. It gives a favorable blessing of the organization's ISMS. Any kind of governmental organizations and private companies can utilize this standard. ISO/IEC 27001 focuses on not only technical security countermeasures, but also security management by PDCA (Plan-Do-Check-Act) cycle. This standard defines 133 controls as requirements for security management. This is the third-party certificate scheme and the organization who wants to get this certification asks a third-party organization to audit the situation of ISMS.

ISO/IEC 27001 is based on BS7799. BS7799 is the information security standards which England established. "BS" stands for "British Standard" and this is not the international standard. BS 7799 consists of 2 parts; Part 1 is about the code of practice for information security management and now it is standardized internationally as ISO/IEC 17799. ISO/IEC 17799 will be revised as ISO/IEC 27002 and unified into ISO/IEC 27000 series in near future. On the other hand, Part 2 is the standard for reviewing organization's ISMS, and last year (2005) in November, BS7799 Part 2 was standardized international- ly and published as ISO/IEC 27001. The organization which has already had BS7799 certification must migrate to ISO 27001 in the certain period. And the organization which doesn't have a certification will get ISO 27001.

The most important point to get ISO/IEC 27001 certification is that analyzing organization's security risk appropriately and conducting necessary controls as a whole organization based on the risk analysis result. In doing so, it is necessary to establish organization wide security policy, to conduct user training and to implement appropriate network and physical countermeasures.

We would like to suggest you to get ISO/IEC 27001 certification, in order to increase your organization's security level as a whole.

----------------------------------------------------------------------
22. [Tech Info] Hints for Effective Implementation of EA
----------------------------------------------------------------------

In OIC computer training courses, we studied Enterprise Architecture
(EA) which is one of methods for promoting e-Government.

Objective of EA is to realize full optimization of organization from
the view point of businesses and systems to be more customer-centered.

One of the characteristics of EA is "Creation of EA model". We have to
clarify structure of whole organization by using it.

In order to clarify the structure of whole organization, we divide
businesses and systems into four layers (Business, Data, Application,
and Technology), and create many diagrams such as Data Flow Diagram
(DFD), UML Class Diagram, Hardware/ Software/Network configuration
Diagram and so forth.

In planning phase, we investigate current situation (As-is Model) and
design future situation (To-be Model) to create Computerization
Strategy Plan which is final documents for EA establishment.

EA is known as very effective method to improve businesses and
systems, so many public organizations and private companies have tried
to implement it.

In case of Japan, Japan Government established EA guidelines, and not
only central governments but also many local municipalities are now
implementing EA.

However, we have found many difficulties to implement EA recently as
follow.

[Issues for realizing EA]
1. Lack of clear visions and strategies by Top Management
2. Difficulty in reaching an organizational consensus
3. Lack of IT skilled staffs

In order to solve those, we should take various kinds of
countermeasures.

Not only short term plan, but also middle/long term IT strategies and
education for IT staffs are necessary. For realizing it, we have to
think about "IT Governance".

Definition of IT Governance is "Internal control of organization for
IT". In short, it is one of methodologies for establishment and
implementation of IT strategies. Today, it is necessary for Chief
Information Officer (CIO) to study the skills and knowledge of IT
Governance.

The most famous and effective guideline for IT Governance is called
"Control Objectives for Information and related Technology (COBIT)"
which was issued by Information Systems Audit and Control Association
(ISACA).

ISACA defines four necessary domains and 34 necessary processes in
COBIT for internal control.

You can get more information about COBIT by accessing ISACA web site:

http://isaca.org/


-----------------------------------------------------------------------------
23. [Tech Info] Windows Vista features and .NET Framework 3.0
-----------------------------------------------------------------------------

Windows Vista, Microsoft's latest operating system, has been released
worldwide to the general public on January 30, 2007. For business
users, it was released two months earlier.

This new operating system adopts an improved interface and new
security tools and features. One of Vista's major features is "Windows
Aero." In this interface, the separate panes for each program you are
running can be displayed in different ways and in different angles.
Another feature is the sidebar, in which users can run a weather
watching program, keep the calculator visible, and keep an eye on
any feeds they want to monitor.

As a security tool, Windows Vista includes anti-spyware called
"Windows Defender". Vista will also work hard to ensure people keep
their copy of Windows up to date since attackers are getting much
better at exploiting unpatched security holes.

Windows Vista will also impact software development in a positive way.
This new operating system includes ".Net Framework 3.0," formerly
known as WinFX, which aims to make it considerably easier for
developers to write high-quality applications than with traditional
Windows APIs. ".Net Framework 3.0" includes a new set of managed
code APIs that are integral to Windows Vista.

There are no major architectural changes with ".NET Framework 3.0,"
since it includes version 2.0 of the Common Language Runtime (CLR).
Therefore, a .NET Framework 2.0 application should, in theory, work on
a .NET Framework 3.0 system. However, software testing is highly
recommended before attempting to run such an old application on the
new environment. .NET Framework 3.0 is also available for Windows XP
SP2 and Windows Server 2003 as a download.

For building .NET Framework 3.0 applications using existing Visual
Studio 2005, Microsoft provides Visual Studio extensions for .NET
Framework 3.0 and various tools. They are provided as an early preview
of technology to enable early adoption of the .NET Framework 3.0
platform. Users will be expected to upgrade it when commercial version
becomes available.

For more information, visit the MSDN worldwide site at
http://msdn2.microsoft.com/en-us/

----------------------------------------------------------------------
24  [Tech Info] What Is NGN (Next Generation Network)?
----------------------------------------------------------------------

Do you know the term of NGN? NGN is the acronym of Next Generation
Network and it is also the name of the new network service. Now among
Europe, Japan, and other countries, this new network is about to be
introduced. This time we would like to introduce the outline of NGN.

What is the definition of NGN? Some people say NGN is an IP-based
telephone network. Yes, it is correct in a narrow sense. Until few
years ago, when we make a phone call, the traditional non-IP-based
phone lines provided by telephone carriers are used. But nowadays the
situation has been changed. We can use IP-based telephone service like
Skype, and as a result, the number of people who use traditional
telephone lines has decreased drastically. It forces the carriers to
migrate their telephone networks from a non-IP-based one to an
IP-based one. This new IP-based telephone network is called NGN in a
narrow sense.

In a broad sense, however, NGN is a quite different new network. NGN
has a lot of characteristics. NGN is not a part of the Internet but
another IP-based network provided by carriers. The architecture of the
NGN is different from that of the Internet. In the Internet, IPv4
(Internet Protocol version 4) is the base protocol. Over IPv4
infrastructure, applications such as WWW, mail can run freely. On the
other hand, in NGN, in addition to IPv4, IPv6 (Internet Protocol
version 6) will be used as the base protocol, and applications work on
some regulations. These regulations make it easier to keep the voice
grade of IP telephone. One of the regulations is the adaptation of SIP
(Session Initiation Protocol). Under this control, various
applications such as telephone, movie distribution, and access to the
Internet are provided in appropriate quality of services (QoS).

In summery, NGN is expected as a more sophisticated and promising
network. In Japan, NTT East has started the field trial of NGN in
December 2006. In other countries, NGN might start soon.

Pay attention to the trend of NGN.
If you need more information, refer to the following URLs:
- http://en.wikipedia.org/wiki/Next_Generation_Networking
- http://www.ntt.co.jp/ir/library_e/nttis/2006win/


----------------------------------------------------------------------
25.phpDocumentor,the Art of Programming Documentor?
----------------------------------------------------------------------

1. History of Programming Documentation

In the early stage of computer, when main frames were dominating,
different programming languages specific to each main frame were
used. Program documentation had been requisite for communication
among development members.

Nowadays, in object oriented programming, the programming
documentation is still more important, as APIs (Application Program
Interface). When we create a new method, we at first define the
interface, the specification of how to use it. Then, users of the
method can be compliant with its interface.

Java, a well-known object oriented language, has an innovative
tool, JavaDoc, to describe API documents. When we use JavaDoc, we
embed the documentation as a comment in each Java source code, then
JavaDoc automatically generate an API documentation of your codes.

As PHP language started to support object oriented programming from
PHP5.0, PHP users become eager to have such a documentation tool
like JavaDoc. phpDocumentor is thus developed as an open source
project to meet the demand.

2. What is phpDocumentor?

phpDocumentor is the current standard auto-documentation tool for
the PHP. Similar to Javadoc, phpDocumentor can be executed in the
command line to create HTML documentation from PHP source code.

See details at: http://www.phpdoc.org/

3. How to install?

You can obtain zip or tgz file of phpDocumentor from the link
above. This software is platform-independent. You can use similarly
in both Windows and Linux environments.

After decompressing it, please place the PhpDocumentor folder at
the PEAR folder. e.g.:
[Windows] C:\php\PEAR\PhpDocumentor
[Linux] /usr/local/lib/php/PEAR/PhpDocumentor

4. How to use?

Here shows an example of generating documents in Linux environment.

> php /usr/local/lib/php/PEAR/phpDocumentor/phpdoc \
-t /usr/local/apache2/htdocs/doc \
-o HTML:frames:default -d /usr/local/apache2/htdocs/tender \
-pp on -ti 'OIC Framework' -dn 'OIC Framework'

[Frequently Used Options]
-d   --directory       name of a directory to parse
-t   --target          path where to save the generated files
-ti  --title           title of generated documentation.
-pp  --parseprivate    parse private methods/members
-dn  --defaultpackage  name to use for the default package.
-o   --output          output information to use.
                 Format: output:converter:templatedir

5. How to describe?

Descriptions for phpDocumentor should be enclosed with /** and */.
A number of tags which starts with 'at mark' like @package, and
@param is available. Here shows an example of the description.


----------------------------------------------------------------------
26. [Tech Info] "Botnet" and latest information security measures
----------------------------------------------------------------------

Introduction

Have you ever received any information security damage?  Since
Internet has become widespread rapidly and highly-developed,
threats and risks for information security have increased very much
and attack methods have become cleverer.

The Recent Tendency of Attack is "Invisible".

You may receive some damage without knowing it. One Japanese
research agency (IPA="Information-technology Promotion Agency")
reported that the number of reported accidents about unauthorized
access had decreased from last year. One reason for this decrease
is lots of organizations had introduced anti-virus software. But
other reason may be that the damages from "spyware" have not become
obvious.

New Threat to ICT

"Botnet" is the most serious threat among them. "Botnet" is a huge
network of computers which are infected by "Bot" (=a malicious
program by which a hacker can control other computer by remote) .

By using "Botnet", a hacker can control multimillion computers. For
example, "Multimillion infected computers may send junk e-mail at
once", "Multimillion infected computers may intercept a server's
service (DOS attack)". There is a real case that a hacker who
blackmailed an organization by using "Bot" was arrested.  The
problem of the "Bot" is that we cannot confirm the existence of
"Bot". "Bot" can disappear automatically when it is tracked, and
"Bot" can upgrade itself automatically by using network. Thus,
"Bot" hides itself from owners, and spreads infection. One research
said that 2.0-2.5% of computer in Japan is infected by "Bot".

Effort against "Bot": In the Case of Japan

Japanese government starts actual activities against
"Bot". Ministry of Internal Affairs and Communications launched
"Bot control project" in cooperation with Ministry of Economy,
Trade and Industry. And it established "Cyber Clean Center"
(https://www.ccc.go.jp/en_index.html) in cooperation with ISP
(Internet Service Provider). Currently, there are not effective
countermeasures against "Bot".

The purpose of this project is to limit the spread of "Bot" by
decreasing the number of "Bot" infected computers as much as
possible. And this project aims to make hackers recognize that it
seems difficult to make "Botnet" in Japan, because governments take
a proactive stance on problems in "Bot". The role of "Cyber Clean
Center" is to provide a mechanism for cleansing "Bot" absolutely.

The characteristics of the mechanism are;

1) Collect objects of Bot
to examine from bait PC in the Internet and make tools for
cleansing.

2) ISP notices to the users by e-mail that they are infected by
"Bot".

3) Each user who gets a notice from ISP downloads the tools from
the site and cleanses "Bot".  Currently, 30% of noticed users
succeeded cleansing.  The challenge that lies ahead is how to
make other 70% users cleanse "Bot".

Conclusion: Back to Basic = Security Policy and PDCA

Ad hoc measures are not effective in current situation that new
attack methods are appearing in sequence. It is important to
establish Information security policies, and based on them, to
conduct PDCA (Plan-Do-Check-Act) cycle continuously.  And also,
training is important to raise security awareness of staffs.

Nowadays, high security level is essential to continue business.


----------------------------------------------------------------------
27. [Tech Info] Approach to eHealth in Europe
----------------------------------------------------------------------

Today, we introduce you "eHealth" which is one of e-Government
services. This concept is becoming more and more popular all over the
world.  In EU member nations, it is expected as the key of economic
growth and job development.

[What is "eHealth"?]
"eHealth" is an approach which improves our health and medical
services by using new technologies, including the Internet.


[Advantages of "eHealth"]
By using "eHealth", we will be able to get the following advantages;
- To get correct information on health quickly,
- To make medical cost reasonable by improvement of medical
efficiency,
- To improve medical service quality,
- To prevent medical accidents by digital documents.


[Outline of "eHealth" in Europe]
EU has the goal to provide all citizens of EU member nations with
health care without relation to a patient's nationality and address.
However, EU thinks that it is difficult to introduce common
standardized medical and insurance system to whole Europe or
EU member nations.

In order to solve such a problem, EU aims to introduce a smart card
to medical services and make the smart card have the interoperability
among nations.

The smart card is called "EHIC: European Health Insurance Card".

EHIC is introduced to 25 EU member nations, Iceland, Liechtenstein,
Norway and Switzerland. It has a  purpose to enable a traveler with
an EHIC to get medical services during his/her trip.

In order to keep consistency between current medical system and
EHIC system, there are two card faces. One side is for common
function of EHIC, the other side is for each country's own
use. Name, birthday and ID number of a card holder and a code of
his/her country are recorded on a EHIC. Private medical history is
not recorded on a EHIC at this moment.

People with a EHIC can get medical services in foreign countries
by exhibiting the card, and can start refund procedure immediately if
he/she pays the cost for medical services in the country.

Medical workers provide proper medical services considering health
status of the card holder, visit purpose and duration if he/she
presents the EHIC to the medical service provider.


[Future Plan]
Different countries in Europe have different social security
system. In addition, some of European countries have advanced the
introduction of IT for national medical system and have already
introduced a medical smart card with IC (Integrated Circuit) chip.
So, it is expected that EHIC is being introduced with keeping
the consistency with each country's own medical and insurance system.

Also, it is planned that EU will establish interoperability of EHIC
among European countries and operate it as a part of medical system
in the whole Europe in 2008 in order to exchange information and
prevent illegal use.


[Reference website about European Health Insurance Card]
European Commission [English Site]
http://ec.europa.eu/employment_social/healthcard/index_en.htm


----------------------------------------------------------------------
28. [Tech Info] The PHP Data Objects (PDO) with PHP 5.x
----------------------------------------------------------------------

Overview:
The PHP Data Objects (PDO) is shiped with PHP 5.1 or later version,
and is also available as a PECL extension for PHP 5.0.

PDO defines a lightweight, consistent interface for accessing
databases in PHP. It provides a data access abstraction layer,
regardless of the underlying database. That means, it is possible
to use the same functions to issue queries and fetch data even if
you have many kinds of databases.
Previously, such as PEAR::DB, and dbx were used as the data access
abstraction method, but now PDO is highly recommended because of its
advanced features.
e.g. high performance, OO API, Exception handling, and so on.

Supported Databases:
The followings are the drivers and supported databases
that currently implement the PDO interface.
The specific PDO drivers are required to use the various databases.

- PDO_OCI       : Oracle Call Interface
- PDO_PGSQL     : PostgreSQL
- PDO_MYSQL     : MySQL 3.x/4.x/5.x
- PDO_DBLIB     : FreeTDS / Microsoft SQL Server / Sybase
- PDO_IBM       : IBM DB2
- PDO_ODBC      : ODBC v3 (IBM DB2, unixODBC and win32 ODBC)
- PDO_INFORMIX  : IBM Informix Dynamic Server
- PDO_SQLITE    : SQLite 3 and SQLite 2
- PDO_FIREBIRD  : Firebird/Interbase 6

How To Install:
- On Linux/UNIX Platform: PDO and PDO_SQLITE are included in the PHP
5.1 and later distribution.  It is recommended to build PDO, and
PDO driver as shared extensions for the easy updates via PECL.
For example,
  # ./configure --with-zlib --enable-pdo=shared \
    --with-pdo-oci=shared

- On Windows Platform:
PDO and the major drivers ship with PHP 5.1 and later as shared
extensions.

How To Activate:
php.ini file must be edited to load the PDO extension automatically.
It is also needed to enable any database specific drivers too.
For example,
- On Linux/UNIX Platform:
extension=pdo.so
extension=pdo_oci.so

- On Windows Platform:
extension=php_pdo.dll
extension=php_pdo_oci.dll

Sample Source:
setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

} catch (PDOException $e) {
print "PDOException = " . $e->getMessage();
exit(1);
}

try {
// prepare statement
$stmt = $conn->prepare("SELECT * FROM EMP WHERE DEPTNO = ?");

// bind parameters
$deptno = 10;
$stmt->bindParam(1, $deptno);

// execute query
$stmt->execute();

// fetch result set
while($rs = $stmt->fetch()) {
  print_r($rs);
}

// close DB
$conn = null;
} catch (PDOException $e) {
print "PDOException = " . $e->getMessage();
exit(1);
}
?>

For more information, please refer
http://www.php.net/manual/en/

To get the current PHP including PDO, please visit
http://snaps.php.net/

----------------------------------------------------------------------
29. Introduction of Various Operating Systems
----------------------------------------------------------------------
There are many kinds of operating systems other than Microsoft Windows
or Linux in the world.  If you learn those various operating systems,
you will be able to understand ¡Èoperating systems¡É more.  Therefore
I am happy to introduce some of them.


Once University of California at Berkeley developed BSD, which is a
famous version of UNIX. BSD itself is concluded, but there are
successors.
FreeBSD is known for its easiness to use. It is for i386 (PC) mainly.
NetBSD is known by supporting many kind of platforms.
OpenBSD is known as secure and project develops OpenSSL also.
cf. 
   
         


MacOS X is a commercial product of Apple. It is based on a micro
kernel model, and has userland of FreeBSD. (i.e. You can use most of
commands and libraries of FreeBSD on MacOS X along with Macintosh
software) Today, many UNIX users use MacOS X, because they can use
both software like iTunes and power of Unix.
cf. 


Darwin is core part of MacOS X and it is OSS. It has no GUI of
Macintosh.
cf. 


Solaris is a commercial product of Sun Microsystems. It is one of UNIX
System V release 4.0 and is famous for its reliability. Although
Solaris is a commercial product; it is free of charge to use and to
get most of patches. The current version is Solaris 10 which includes
newest file system ZFS.
cf. 


Most of Solaris became OSS. But important parts are not included. The
author of Linux complains that there is no ZFS in Open Solaris,
although he wants it.
cf. URL:http://www.opensolaris.org/os/


----------------------------------------------------------------------
30. [Tech Info] Coding Standard for PHP
----------------------------------------------------------------------

Every real project has its own coding standard. Coding standard is one
of the ideas to make programming source code with good quality and
high maintainability. Commonly, there are some categories in coding
standard such as File Formatting, Naming Conventions, Coding Style and
inline documentation. Rules for Maximum Line Length, Line Termination,
and Encode Type will be set as File Formatting. Coding style means how
to write source code such as declaration of classes, how to write
control statements.

Here we want to introduce an example of Naming Conventions in the
coding standard for ZendFramework issued by Zend, which developes PHP.


[Naming Conventions]
1. Classes
   - Class names may only contain alphanumeric characters.
     Numbers and underscores are permitted in class names but are
     discouraged.
     If a class name is comprised of more than one word, the first
     letter of each new word must be capitalized.

2. Filenames
   - For all other files, only alphanumeric characters and
     underscores are permitted. Spaces are prohibited.
     Any file that contains any PHP code must end with the extension
     ".php".
     Following example shows the acceptable filename for containing
     the class name, "UsecaseController", from the example in the
     section above.

3. Functions and Methods

   - Function and method names may only contain alphanumeric
     characters.
     Underscores are not permitted except for names of constructor
     and destructor method for object-oriented programming.
     Numbers are permitted in function and method names but are
     discouraged.

   - Function and method names must always start with a lowercase
     letter.
     When a function or method name consists of more than one word,
     the first letter of each new word must be capitalized.
     This is commonly called the "camelCaps" method.

Refer to the following website for more information.
http://framework.zend.com/manual/en/coding-standard.html

2006-11-01T17:23:00.001-08:00

11-20 [Tech Info] This section introduces the latest ICT technologies related to your fields of interests: project management, network security, application development methodologies, and so forth. OIC - JICA.

11. Biometric Technology to be introduced into Passport
12. New Functions on Public LMS
13. The Report 'Trends in Enterprise Architecture' 2005
14. Windows Vista Coming Next Year
15. Wireless LAN Today
16. J2SE-Java 2 platform, Standard Edition 5.0("Tiger") released in
Sep. 2004 was made various improvements
17. Biometrics - Vein authentication
18. Eclipse 3.2 is available now as part of the Callisto
19. Information leakage caused by Winny
20. Samba 4.0 New Release October 2006

----------------------------------------------------------------------
11 [Tech Info] Biometric Technology to be introduced into Passport
----------------------------------------------------------------------

Do you know "Minority Report" starring Tom Cruise? It is a movie about
future society, where irises of all humans are registered for
identification, in 2054. In this movie, there is a shocking scene of
eyeball implantation in order to spoof as another person. Like this,
the authentication technology by "unique and unchangeable" living body
feature is called "Biometrics."

Biometrics is going to be introduced for preventing forged passport.
International Civil Aviation Organization (ICAO) started an argument
which biometric technology should be selected from face, fingerprint,
iris, signature, voiceprint, or shape of palm in the late 1990s, and
reached the conclusion that face is adopted for ePassport.

Based on the international conclusion, Japan is planning to start to
issue an ePassport in March 2006. The image of face will be saved in
an IC chip of each passport. Since face is changeable compared to
fingerprint, authentication accuracy falls off with time. However,
after research studies, it is verified that accuracy can perform for
10 years, which is an available term of passport, with validity. A
development of guideline for photography has already started, and it
is expected to improve accuracy more.

----------------------------------------------------------------------
12 [What's New] New Functions on Public LMS
----------------------------------------------------------------------

OIC has begun to provide you with two functions on our public LMS:
"OIC-OSDP" and "SVCC."

- OIC Open Source Software Development Project (OIC-OSDP)

OIC-OSDP are the projects for you ex-participants to develop open
source software by yourself from all parts of the world. We
provide you with communication tools for "Suggestion of new
project", "Recruitment of project members", "Examination of
specification", and so on. By using these tools, you can initiate
new project and start development of open source software in
cooperation with other ex-participants.

- Streaming Video of Computer Courses (SVCC)

SVCC is one of the support programs for coming-participants &
ex-participants. We have delivered some video clips of various
lecture scenes in OIC computer courses. You can utilize them to
do your enlightening promotion activities and so on. And we would
like you to send us your video clips, because we are going to
deliver good activities performed by alumni for
coming-participants.

URL for OIC Public-LMS: https://pblms.jica-oic.jp/

For inquiry about your login ID and password.
Please contact us at: newsletter@pblms.jica-oic.jp

----------------------------------------------------------------------
13 [Tech Info] The Report 'Trends in Enterprise Architecture' 2005
----------------------------------------------------------------------

Institute For Enterprise Architecture Developments(IFEAD) is a
research and information exchange organization working on the future
state of Enterprise Architecture. This organization has a Website
which provides us with a lot of valuable information of Enterprise
Architecture(EA).

URL: http://www.enterprise-architecture.info/index.htm

You can obtain information about EA standards, EA methods, EA tools,
EA & strategy, EA best practices, EA governance, EA education, and so
on from this website. And also this website has links to other various
EA websites which help us plan and implement EA.

IFEAD conducted survey on trends in EA. This survey is a part of a
yearly recurrent survey to measure the progress and developments in
EA. The survey is based on a 25 question questionnaire such as "Why is
EA important for your organization?", "For what kind of issues do you
plan an EA program?", "Is your organization familiar with the
importance of EA?", "Is EA part of your organizations strategic
governance?", "At which level is EA part of your organizations
governance structure?". IFEAD analyzed the result of those
questions. This report guides you through the latest trends of EA by
referring to the report.

Try to access and download the report from IFEAD website.
URL:
http://www.enterprise-architecture.info/Images/EA%20Survey/Enterprise%20Architecture%20Survey%202005%20IFEAD%20v10.pdf
(C) Copyright, Institute For Enterprise Architecture Developments
(IFEAD), 2005 - All Rights Reserved.

----------------------------------------------------------------------
14 [Tech Info] "Windows Vista" Coming Next Year
----------------------------------------------------------------------

(1) "Cheetah", "Jaguar", "Panther", "Tiger"
(2) "Chicago", "Memphis", "Whistler", "Longhorn"

Can you guess what they mean?

(1) is a list of large cats, well known project code names of Mac OSX.

("Cheetah"=Ver.10.0, "Jaguar"=Ver.10.2, "Panther"=Ver.10.3, "Tiger"=Ver.10.4).

(2) is a list of project code names of Microsoft Windows OS named after place names.

("Chicago"=Windows95, "Memphis"=Windows98, "Whistler"=WindowsXP, "Longhorn"=WindowsVista)

Traditional image of code name is like a secret code informally given
to the project under development and used within the organization. But
these days, some major computer companies like Microsoft, Apple,
Intel, announce their project code names to the public and they are
widely used till the official product names are published.

In July 2005, next version of Windows OS got their official name
"Windows Vista" and project code name "Longhorn" finally completed its
role. The code name "Longhorn" was so common to the public users
because debut of the new version had been eagerly hoped almost five
years after the current version of Windows XP was released in 2001.
Despite its debut originally planned in 2004, development schedule was
revised several times and according to Microsoft's recentannouncement,
"Windows Vista" for consumers would be launched in January 2007.

"Vista" means vision. Microsoft said that the name "Vista" had the
sense of bringing clarity, so it was expected to make things clearer
and pretty simple. "Windows Vista" emphasizes security function, more
flexible searching function and more sophisticated user interface
compared to WindowsXP. (Incidentally, "XP" means experience.) "Windows
Vista" consists of six editions, "Starter 2007," "Home Basic," "Home
Premium," and "Ultimate" for home and "Business" and "Enterprise" for
business, to cover all the segments of users.

This Windows OS development project spent a long hard period as
"Longhorn." With the official name "Vista," will Windows OS acquire
clear vision and bright future?

About "Windows Vista"
URL: http://www.microsoft.com/windowsvista/

----------------------------------------------------------------------
15 [Tech Info] Wireless LAN Today
----------------------------------------------------------------------

Nowadays many organizations tend to adopt the wireless LAN in addition
to their LAN. By using the wireless LAN, it becomes easy to construct
LAN and reallocate the computers connected to it.

There are three major types of the wireless LAN specification as follows:

a) IEEE802.11a : MAX 54Mbps (speed), 5 GHz
b) IEEE802.11b : MAX 11Mbps (speed), 2.4GHz
c) IEEE802.11g : MAX 54Mbps (speed), 2.4GHz

The user will select the appropriate types of the wireless LAN above
according to their network usage and the compliance of the Radio Law
of each country.

In addition to the above three specifications, IEEE802.11n is now
under discussion to make available to the public and this may become
one of the main stream of wireless LAN in few years.

Main characteristic of IEEE802.11n is in its higher network speed.
The maximum speed of current wireless LAN is 54Mbps, whereas that of
IEEE802.11n is approximately up to 300Mbps. This improvement of the
speed is so drastic, it is almost more than six times of the current
network speed.

IEEE802.11n mainly adopts the following advanced technologies to
improve the network speed and smooth data transmission:

1) to increase the number of antennas
IEEE802.11n uses the technology called 'MIMO (multi input and multi
output)' and can accept the data transmission from four antennas
simultaneously. This means that data can be transmitted four times
faster than before.

2) to improve the data transmission efficiency
IEEE802.11n minimizes the unnecessary data length and reduces the
interval time for data transmission. The volume of data will be
increased by approximately 140% by this technique.

3) to utilize wider bandwidth
The current bandwidth range is 20MHz and it will be doubled up to
40MHz. Therefore, the network speed of IEEE802.11n will be upgraded
as:

(54Mbps) x (2) x (1.4) x (2) = approximately 300Mbps

The specification of IEEE802.11n is scheduled to be fixed by March, 2007.

For more information, please refer to:

http://grouper.ieee.org/groups/802/11/

----------------------------------------------------------------------
16 [Tech Info] New features of J2SE 5.0
----------------------------------------------------------------------

J2SE-Java 2 platform, Standard Edition 5.0("Tiger") released in
Sep. 2004 was made various improvements.

For details, see http://java.sun.com/j2se/1.5.0/docs/relnotes/features.html

Major concepts of J2SE5.0 are as follows.

(1)Ease of Development
(2)Performance and Scalability
(3)Monitoring and Manageability
(4)Desktop Client

(1) is the concept to aim for simplification of development by extending the Java programming language.

(2)-(4) are the concepts to aim for robust execution environment. We
focus on "(1)Ease of Development(EoD)" in this article.

New feature categorized as EoD are as follows.

- Generics-Add Generic Types to the Java Programming Language
- Extending the Java Programming Language with Enumerations, Autoboxing, Enhanced for loops and Static Import
- Metadata (A Metadata Facility for the Java Programming Language)

Let's see familiar for loop this time.

We describe code to handle array or collection as bellow.

----------Case 1:Array----------
String[] str = new String[3];
str[0] = "one";
str[1] = "two";
str[2] = "three";
for(int i = 0; i < str.length; i++) {
System.out.println(str[i]);
}
----------------------------------
----------Case 2:Collection----------
Collection str = new ArrayList();
str.add("one");
str.add("two");
str.add("three");
for(Iterator i = str.iterator(); i.hasNext()) {
System.out.println(i.next());
}
----------------------------------------

We have to declare index or iterator for each "for loop".
When we use "Enhanced for loops", we can code simpler.

----------Case1----------
for(String s : str) {
System.out.println(s);
}
---------------------------
----------Case2----------
for(Object o : str) {
System.out.println(o);
}
---------------------------

Like this, you can define your code simpler and eliminate bugs as a
result. Please try to make a simple and readable program with adopting
Java evolution.

----------------------------------------------------------------------
17 [Tech Info] Biometrics - Vein authentication
----------------------------------------------------------------------

Recently biometrics is getting introduced in Japan. This topic is vein
authentication, which is a kind of biometrics. Vein authentication
uses a blood vessel to identify each person. (Not capillary vessel but
thick and stable one.) Even twins do not have the same pattern of
veins. And since vein pattern is biometrics information, we can not
get the information by photo and contact.

According to a certain Japanese manufacture's report, the ratio of
identifying an original correctly is more than 99.99%¡¡and the ratio
of identifying others incorrectly is less than 0.00008%.

Progress of Vein Authentication for public use is as follows:

Vein authentication started working at major banks in Japan in the
middle of 2004. In 2005, it started working by little and little in
university hospitals, condominiums and houses. A certain university in
Tokyo is using it as the student identification. This is a rare case.

In 2006 , Japanese government passed the law which requires a bank to
indemnify a customer who suffered damages by stolen or forged bank
card. That is why financial institutions are forced to increase their
security level. Vein authentication is getting introduced especially
in financial facilities against social background like this.

----------------------------------------------------------------------
18 [Tech Info] Eclipse 3.2 is available now as part of the Callisto
----------------------------------------------------------------------

The Eclipse Foundation announced the release of
10 Eclipse open source projects on June 26, 2006.
This release event, named Callisto, is one of the largest
multi-project releases undertaken by an open source community.

A major emphasis of Callisto is to make it easier for organizations
to adopt Eclipse as the platform for application development.
By releasing 10 projects at the same time, the goal is to eliminate
uncertainty about version compatibility and make it easier to incorporate
multiple projects into your environment.

Below is a listing of all ten projects
involved in the Callisto Simultaneous Release.

- Business Intelligence and Reporting Tools (BIRT) Project 2.1
Reporting system that integrates with your application
to produce compelling reports for both web and PDF

- C/C++ IDE (CDT) 3.1
C/C++ Development Tooling

- Data Tools Platform (DTP) 1.0
Tool and Framework for Data Oriented Application Development

- Eclipse Modeling Framework (EMF) 2.2
Modeling framework and code generation facility for building tools
and other applications based on a structured data model

- Graphical Editor Framework (GEF) 3.2
Framework to create a rich graphical editor
from an existing application model

- Graphical Modeling Framework (GMF) 1.0
Generative component and runtime infrastructure for developing
graphical editors based on EMF and GEF

- Eclipse Project 3.2
Eclipse Platform

- Eclipse Test and Performance Tools Platform Project (TPTP) 4.2
Platform supplying frameworks and services
for test and performance tools

- Eclipse Web Tools Platform Project (WTP) 1.5
Tools for developing J2EE Web applications

- Visual Editor (VE) 1.2
Development platform supplying frameworks for creating GUI builders

Callisto provides a single release event
that synchronizes version compatibility and schedules.
The Callisto Discovery Site allows you to install any of the projects
included in the Callisto Release from a single location.
Instead of downloading each project individually
and then installing them into your workspace,
the Callisto Discovery Site simplifies the process.

As part of Callisto, the new Eclipse 3.2 SDK release features
some exciting new capabilities for Java and Web Developers, including:

- Java 6 support
- Refactoring scripts
- Static analysis of Java code
- Improved code completion and quick fix support
- Improved usability and performance
- Support for Mac OSX on Intel and preview support for Windows Vista

For more information, please refer
http://www.eclipse.org/callisto/

To get the current Eclipse, please visit
http://www.eclipse.org/downloads/index.php

----------------------------------------------------------------------
19 [Tech Info] Information leakage caused by Winny
----------------------------------------------------------------------

In Japan, computers using "Winny", a most popular file-sharing
software, have become widely infected by several warms, and then such
incidents that confidential files are flowed out in Winny Network have
happened quite often not only from the computers of individuals or
private companies but also from the ones of public institutes such as
a police station, Self-Defense Forces, Japan Post, a jail, a court, a
nuclear electric plant, a local government, and public offices. It's
because workers bring back home individual information treated in
their work, and those sloppy managements have been criticized very
much.

Winny is a P2P (Peer to Peer) file-sharing program developed by a
Japanese, while Napster, Gnutella, WinMX, and Share are known as
common typical file-sharing programs. A file-sharing software is
originally a tool for exchanging sound files and video files which are
too large to exchange via e-mail and web. This idea itself is not
illegal, but most files traded are copyrighted files, which makes us
difficult to tell whether the software is evil or not.

Let's see how Winny works actually. When a user put a file in a
specified upload folder, it will be copied to his/her Winny share
folder, which is connected to Winny Network. When other users download
it, it is copied to their Winny share folder too. As this downloadings
done so many times, files spread out among a lot of computers then
nobody can tell when and who first put it into the public and where
the files exist physically.

Information leakage happens by being affected by a virus. This virus
comes in sometimes via e-mail, but mostly via Winny Network as an
attachment of an illegally shared file. When you open the file, your
computer will be affected by the virus. The virus copies the contents
of your computer or your mail and exposes them to Winny Network.

Once a file is exposed in Winny Network, it is downloaded by many
people and it becomes impossible to reclaim all the copies of it
because of the anonymity of Winny Network. When the incident
broadcasted as a news, some people are even willing to download such
files to enjoy the party's suffering.

Let's consider what kinds of countermeasures are effective.

There are two major countermeasures. One is to disable starting Winny
by using an OS function to forbid the execution of an application. If
your computer is Windows XP, you can disable starting of Winny by
specifying in "Local Security Settings" the filename of Winny
"winny.exe", or its hash value.

The other is to block off Winny from your network. To restrict the
network utilization by setting a filtering function of the firewall is
effective for such a network whose client computers can communicate
with limited hosts. For example, if a client computer accesses the
Internet through a specified mail server, a DNS server, or a proxy
server, you can allow only the proper use of the Internet and cut off
the other use by setting on these servers. If client computers use
those softwares like Skype which communicate directly with multiple
hosts at once, you have to analyze the traffic pattern of Winny or
introduce a device which deciphers and cuts off communication.

Not to mention Winny, any file-sharing software always goes with the
danger of information leakage. It is quite important to establish a
security policy in your organization and take measures such as "Do not
bring business data out from the company", "Do not install Winny in
your home computer", and "Configure client computers not to allow
running Winny". Please be sure to take care.

For more detailed information on Winny, see this site.
http://en.wikipedia.org/wiki/Winny

----------------------------------------------------------------------
20. [Tech Info] Samba 4.0 New Release October 2006
----------------------------------------------------------------------

When sharing file documents, Samba package is often used and very
popular in Linux environment. And now, Samba is going to release an
attractive version. While the stable version is Samba 3.0 at present,
a new version, Samba 4.00tp3 has just been released on October 16 this
year. Here please note that the version "tp" is called Technology
Preview, which means it is not stable version, but absolutely just for
verification or examination. Therefore, the "tp" version can't be
installed into a real system.

The main attraction of Samba 4.0 is to realize Windows Domain
Controller and implement the related protocols. In order to control
Windows PCs, Active Directory is mainstream nowadays. The current
version Samba 3.0 has compatibility with Windows NT domain, however it
can't be an Active Directory Domain Controller by itself. Samba 4.0
performs as an Active Directory Domain Controller which Windows PCs
can belong to.

Furthermore, it has the following features.

- NTVFS implementation
While Samba 3.0 has no compatibility with Windows file system,
Samba 4.0 implements NTVFS, which provides almost same features as
NTFS.

- LDAP and Kerberos integration
Samba 3.0 needs to utilize external packages for LDAP and Kerberos,
but Samba 4.0 has built-in functions for those.

Notice
- It doesn't have built-in functions for DNS, so needs to work with
BIND.
- It doesn't provide a GUI management tool.

This is a good opportunity to verify the new Samba, why don't you try
it? Samba 4.00tp3 is available from the following website.

http://us2.samba.org/samba/ftp/samba4/

2006-09-29T00:34:00.000-07:00

1-10 [Tech Info] This section introduces the latest ICT technologies related to your fields of interests: project management, network security, application development methodologies, and so forth. OIC - JICA

1. ISO/IEC 27001:2005(ISMS Standard) Has Just Been Published
2. PMP(R) Credential Exam System Changes
3. GUI or CUI?
4. Skype Technology
5. Eclipse Latest Status
6. New Computer Viruses Increase by 48% in 2005
7. If you understand yourself well, you can communicate well
8. Next Generation of Microsoft Excel
9. Virtual Machine Makes Your Computer More Efficient
10. Ajax: A Boost to Web Technology

----------------------------------------------------------------------
1 [Tech Info] ISO/IEC 27001:2005(ISMS Standard) Has Just Been Published
----------------------------------------------------------------------

ISO/IEC 27001:2005 has just been published on Oct. 15, 2005. It
replaces BS 7799-2:2002 (UK Standard). ISO/IEC 27001:2005 is a
management standard, which explains how to build, maintain and improve
an Information Security Management System (ISMS). It is based on risk
assessment and Plan-Do-Check-Act (PDCA) model. The standard provides a
specification for ISMS and the foundation for third party audit and
certification. It is harmonized to work with other management system
standards such as ISO 9001 and 14001.

"'The publication of ISO/IEC 27001:2005 is a big event in the
world of information security and the standard has been eagerly
awaited,' said Ted Humphreys, Convener of the working group
responsible for managing the development of the standard. 'It is a
standard that all security-conscious organizations should look to
implement.'"

http://www.iso.org/iso/en/commcentre/pressreleases/2005/Ref976.html

In addition to the development of ISO/IEC 27001, ISO/IEC JTC1 SC27 is
working on several other standards that will all be included in the
27000 series of standards - in analogy to the management system
standards, such as ISO 9001 and 14001.

The standards in the 27000 series are:

- ISO/IEC 27000: Information Security Management System Fundamentals
and Vocabulary (under development)

- ISO/IEC 27001: Information Security Management System - Requirements
(published)

- ISO/IEC 27003: Information Security Management System Implementation
Guidance (under development)

- ISO/IEC 27004: Information Security Management Measurement (under
development)

- ISO/IEC 27005: Information Security Risk Management (under development)
The integration of ISO/IEC 17799:2005 into the 27000 series will be
discussed and decided upon in spring 2007; a forward in ISO/IEC
17799:2005 is explaining this situation, and if ISO/IEC 17799:2005 is
integrated into 27000 series, it will obtain the number ISO/IEC 27002.

There is ISMS Conformity Assessment Scheme based on BS 7799-2:2002 in
Japan. Security Course participants studied details in "Making ISMS",
and all participants studied a little in "Security Basics". This
scheme will be revised in 2006, based on ISO/IEC 27001:2005.

----------------------------------------------------------------------
2 [Tech Info] PMP(R) Credential Exam System Changes
----------------------------------------------------------------------

On September 30, 2005, Project Management Institute (PMI(R))
officially revised Project Management Professional (PMP(R)) credential
examination. PMP is a credential awarded by PMI and currently the
number of PMP holders amounts to 50,000 all over the world.

The major changes in the exam are as follows:

- The new exam is based on "A Guide to the Project Management Body
of Knowledge (PMBOK(R)) Guide Third Edition", while the old exam
was based on "PMBOK Guide 2000 Edition".

- The passing score is 106 questions correct out of 175 scorable
questions (61 percent) , while it used to be 137 out of 200 (69
percent) in the old exam.

PMP exam can be taken in over 60 countries. Among the countries which
PMA Course participants belong to, Bulgaria, China, Indonesia,
Philippines, Romania, Turkey, and Uzbekistan have testing centers for
this certificate.

For details, visit PMI website.
http://www.pmi.org/info/pdc_pmpexam05.asp

----------------------------------------------------------------------
3 [Tech Info] GUI or CUI?
----------------------------------------------------------------------

There are two types of well-known user interfaces. One is "GUI
(Graphical User Interface)" and the other is "CUI (Character User
Interface)". GUI enables users to make operation more easily by using
graphics such as icons, buttons and pointing devices. On the other
hand, CUI prepares character-based interface such as terminal screens
and users input from keyboards.

Nowadays it seems that GUI has become mainstream not only for Windows
users, but also for UNIX/Linux users. Users do not have to memorize
and type the commands. It is good for beginners because anybody can
intuitively make operation with mouse click and visual guidance.

A young application specialist Y-san, who is a typical GUI user, says,
"I hate command. I hate terminal screen. I hate keyboard typing. Why
should we do such old aged operation in the era of GUI? We have many
useful tools and can make applications by drag and drop. It's enough!"

However, there remain persons who still love commands. Most of them
are very skillful developers, but they usually shut their heart to the
GUI world. A genius engineer O-san, who is an extreme command lover,
says, "If you like GUI, it's OK. Whatever you want. I do not want to
waste my time caring amateurs like you."

Why do they adhere to commands and never change their way? The answer
is easy. GUI is efficient only for the easy work, but for the complex
work, CUI has the great advantage. For example, if you want to put
extension ".oic" to all the files in your PC whose names include
"okinawa" and are updated in half a year, using command is far simpler
than using GUI.

K-san, the command analyst says, "Commands are represented by pure
text format so you can grasp all the system configuration as a
string. It means you can make the perfect reconfiguration of your
settings. Being represented by text format enables you to do iterative
operations using such technique like copy-and-paste, and/or
functioning."

If you are a typical GUI lover, try to use command sometimes. It will
make your work easier and more comfortable!

----------------------------------------------------------------------
4 [Tech Info] Skype Technology
----------------------------------------------------------------------

Skype, the Internet telephone software released two years ago, now has
over 60 million users in the world.

The reason of its popularity is the voice communication quality, which
is the same level as ordinary telephone. Therefore, users do not feel
stressed while talking. Another reason is that this service is free of
charge if used in PC-to-PC communication. You have to pay if you call
from Skype to ordinary telephone, however, the communication charge is
far less than that of ordinary telephone.

The inexpensiveness of this service comes from the low cost of the
service provider's facility. Normally, telephone service is provided
by expensive circuit switches owned by telephone companies. However,
Skype owns only the servers to manage their user accounts and
authenticate them. The other functions such as controlling calls are
allocated to users' computers dispersedly using P2P (peer to peer)
technology.

So far, this software is mainly for personal use, however, gradually
it has gained popularity among the companies that seek for lower
communication costs. Also it may become a key-application to integrate
telephone network into LAN.

The latest version of Skype supports video chat, which can be applied
to video conferences in companies. If you are interested in Skype,
please try to access the site below.
http://www.skype.com/

----------------------------------------------------------------------
5 [Tech Info] Eclipse Latest Status
----------------------------------------------------------------------

Eclipse is an open source community whose projects are focused on
providing a vendor-neutral open development platform and application
frameworks for building software. Eclipse is used in a lot of real
systems development.

For details, see http://eclipse.org/

The following is an overview of Eclipse.

Features

1) Equal level function to commercial IDE (Integrated Development
Environment) products

Eclipse includes input complementation function, debug function,
build tool, CVS (Concurrent Version System), etc.

2) Expansion of functions by plug-ins

Eclipse can be an IDE for C/C++, PHP, or Perl as well as JAVA by
introducing plug-ins.

3) Substantial information
There are substantial technical information about Eclipse which
communities and individuals transmit. It is possible for you to
solve problems based on the information.

Version

The latest version of Eclipse is 3.1.1 published in September,
2005. You will need a 1.4.2 level or higher Java runtime or Java
development kit (JDK) installed on your machine in order to run
Eclipse.

Eclipse completely supports J2SE 5.0 from version 3.1. If you
install J2SE 5.0 on your machine, you need to install Eclipse 3.1.x
or higher. If you install J2SE 1.4 or smaller on your machine, you
can install Eclipse 3.1.x or smaller.

You can download Eclipse 3.1.1 from the following URL.
http://eclipse.org/downloads/
You can download J2SE 5.0 from the following URL.
http://java.sun.com/j2se/1.5.0/download.jsp

Plug-ins

One of the big factors that spread Eclipse is a plug-in
architecture. Various types of plug-ins are developed all over the
world and published. There are useful plug-ins in the following.

o Web application development plug-in
- Eclipse Web Tools Platform Project (WTP)
WTP includes source editors for HTML, JavaScript, CSS, JSP, SQL,
XML, DTD, XSD, and WSDL.
http://www.eclipse.org/webtools

- Eclipse HTML Editor HTML Editor is an Eclipse plug-in for
HTML/JSP/XML Editing.

http://amateras.sourceforge.jp/cgi-bin/fswiki_en/wiki.cgi?page=EclipseHTMLEditor

- JSEclipse
JSEclipse is an Eclipse plug-in for JavaScript Editing.
http://www.interaktonline.com/Products/Eclipse/JSEclipse/Overview/

- PHPEclipse
PHPEclipse includes PHP parser, debugger, code formatter, outline
view, and templates, etc.
http://www.phpeclipse.de/tiki-view_articles.php

- TruStudio Foundation
TruStudio is PHP and Python IDE built on Eclipse.
http://www.xored.com/trustudio

o GUI application development plug-in
- Visual Editor(VE)
Visual Editor provides a framework for creating Eclipse-based GUI
builders.
http://www.eclipse.org/vep/

o UML modeling plug-in
- Eclipse UML Free Edition
Eclipse UML is a visual modeling tool of UML.
http://eclipseuml.com

- SDE for Eclipse Community Edition
SDE is a visual modeling tool of UML.
http://www.visual-paradigm.com/product/sde/ec/

Participants of WOA Course used TruStudio for a development of PHP
application in the workshop. Eclipse HTML Editor, JSEclipse, and
PHPEclipse also have useful functions for a development of web
application.

A lot of plug-ins are available on Eclipse. Please try to introduce
Eclipse into a system development of your organization by all means!

----------------------------------------------------------------------
6 [Tech Info] New Computer Viruses Increase by 48% in 2005
----------------------------------------------------------------------

Sophos Co. has published the report concerning the damage of computer
viruses in 2005 on December 6th. According to this report, the number
of new virus/worm identified by Sophos Co. during 2005 was 15907.
This figure shows an increase of 48% over the previous year.

"W32/Zafi-D" worm has caused the biggest damage. "W32/Netsky-P" virus,
the previous year's hardest hitting virus, has dropped to second
place. "W32/Sober-Z", just unleashed in November 2005, has already
risen to third place. The report also identified that one in every 44
e-mails has viral in 2005.

The number of new computer viruses increase year by year.
Countermeasures against malicious software becomes more and more
necessary to avoid damages. As all of you know, installing anti-virus
software is important, but it's not sufficient.

Why don't you review your daily operation when using computers?

1. Don't open email-attached files without checking its safety.
2. Don't use preview window on MUA.
3. Check computer viruses when sending any files by using e-mails.
4. Maintain the latest pattern file in anti-virus software.
5. Check new security patches information.
6. Make backup files regularly.
etc....

These should be documented as rules. How about your organization?

The top ten viruses of the year,reported at Sophos' global network of
monitoring station, are as follows

---------------------------------------------------------------
Virus Percentage of Report Firstly Identified Month
---------------------------------------------------------------
1 W32/Zafi-D 16.7% Dec. 2004
2 W32/Netsky-P 15.7% Mar. 2004
3 W32/Sober-Z 6.0% Dec. 2005
4 W32/Sober-N 4.3% May. 2005
5 W32/Zafi-B 4.0% Jun. 2004
6 W32/Mytob-BE 3.9% Jun. 2005
7 W32/Mytob-AS 3.8% May. 2005
8 W32/Netsky-D 3.0% Mar. 2004
9 W32/Mytob-GH 1.9% Oct. 2005
10 W32/Mytob-EP 1.8% Jun. 2005
- OTHERS 38.9% -
---------------------------------------------------------------
(Source: Sophos Co.)

----------------------------------------------------------------------
7 [Tech Info] If you understand yourself well, you can communicate well.
----------------------------------------------------------------------

You all studied "Coaching skills" in Leadership Training. Do you use
coaching skills in your daily life? If you say that you use them
everyday, that is great! Please keep doing. But if you say, "I can't
use coaching skills because colleague's ideas are not good.", "There
is no enough time for coaching session.", or "I have to teach correct
way of doing.", maybe you are right. Your idea can be much better than
their idea.

I would like to remind you that people are not willing to commit to
other's
idea very much comparing with their own ideas. You should give your
proposal in manner that they can accept easily.

Today I introduce you the "enneagram", a study of personal growth
based on ancient teachings. The enneagram describes nine distinct
personalities. Knowing your own personality type, you will understand
"your way of thinking" and "others might have different way of
thinking". Since your colleagues might have different personality
types, it is good to use different communication style for better
understanding of your proposal.

Please visit http://www.enneagraminstitute.com/ and try The Free RHETI
Sampler to know your personality. After taking the sample test, they
give
you advice. You can find another explanation in http://www.ennea.com/.

People have different personalities but it doesn't mean they are better
or
worse. I hope you will use enneagram and enjoy better communication.

----------------------------------------------------------------------
8 [Tech Info] Next Generation of Microsoft Excel
----------------------------------------------------------------------

Currently, the Microsoft Corporation is developing a new version of
Microsoft(R) Excel, under the code name of "Excel 12." This software
will be a part of "Microsoft Office 12", a new version of the
Microsoft Office suite.

In "Excel 12", the maximum number of rows handled will be increased
from the current 65,536 to 1,048,576 (1500% more rows than in Excel
2003!) , and the number of columns will increase from 256 to
16,384. This means that the label of the rightmost column is "XFD"
instead of the current "IV". At present, you need Microsoft Office
Access to handle such large data, but you will be able to handle them
in the new Excel, as long as the number of rows is around 1 million or
less.

Other limits that will be expanded are:

- Total amount of PC memory that Excel can use
1GB -> Maximum allowed by Windows
- Number of sorting levels on a range or table
3 -> 64
- Number of conditional format conditions on a cell
3 conditions -> Limited by available memory
- The number of levels of nesting that Excel allows in formulas
7 -> 64
...etc.

New features are as follows;

- "Save as" function in PDF format.

- Sorting function not only by character or number, but also by
cell color.
...etc.

As you are aware, this is a major change in Excel's history! This
major change in the product might have been driven by threat of the
other open source software, such as OpenOffice. Anyway, I hope "Excel
12" will become more useful one.

The release timing of Microsoft Office 12 has not yet been announced.
But it is said that it will be ready in early 2006 according to
sources.

For more detail, click Microsoft developer's blog.
http://blogs.msdn.com/excel/default.aspx

If you want to register to beta test Excel 12, see the website below.
http://www.microsoft.com/office/preview/default.mspx

----------------------------------------------------------------------
9 [Tech Info] Virtual Machine Makes Your Computer More Efficient
----------------------------------------------------------------------

A VM (Virtual Machine) is a computer which is defined in software. In
other words, VM simulates a computer. With VM, you can run two or more
operating systems on single computer at the same time. For example,
you can use Linux and Windows on single computer at the same time with
VM.

For servers or system administrators, VM can make the best use of
computer resources and save energy and space, because two or more VM
is running on a single computer. Adding that, with each VM which
serves for a specific service like DNS or WWW, it can make each
service more secure.

For users and developers, VM makes each PC more useful, because it
acts as many computers at low cost.

There are some VM software: Xen or OpenVZ as open source software; and
VMware, Virtual PC or Virtuozzo as commercial software.

This time, I would like to introduce VMware.

Originally, every VMware product was commercial software. Now, you can
use some of VMware products without fee: VMware player and VMware
Server.

With VMware player, you can execute ready-made VM and you can download
disk images of VM via the Internet.

With VMware server, you can try and evaluate most features of
VMware. But you can not use advanced features like dynamic load
balancing.

Because I use some hardware which has drivers for Windows only and I
need MS Office sometimes, I use Windows XP. But I need software for
UNIX, too. So I try VMware player and a disk image for OpenBSD which
is one of free software operating systems, and connect to VM for
OpenBSD via virtual network. In other words, I can use Windows and
OpenBSD on single computer at the same time. It makes me happy!

Of course, you can use VM for Linux or Windows.

Have a try!

URL: http://www.vmware.com

----------------------------------------------------------------------
10 [Tech Info] Ajax: A Boost to Web Technology
----------------------------------------------------------------------

As you may know, Macromedia Flash(TM) is commonly used to create
moving design elements on a web page. Well then, have you ever heard
of "Ajax"? Ajax (pronounced as "A-JAX") is an abbreviated expression
of "Asynchronous JavaScript And XML."

Ajax is not something you can download or buy. It is just a new
approach of building web applications. Using existing technologies
such as HTML, JavaScript, DOM, and XML, you can build very interactive
web applications without using Flash.

You may unconsciously have experienced Ajax when using Google Map,
Google Suggest, and so forth. Now check up Google Maps. Use zoom bar
to zoom in and zoom out. Use your cursor to grab the map and scroll
around. Every motion happens almost immediately without waiting for
pages to reload. In other words, the server asynchronously do
something without stalling a user's interaction with the application.

Ajax in not anti-Flash. We should use the right technology (Ajax,
Flash, etc.) in the right place.

Anyway, Ajax is an important development for Web applications, and its
importance is going to grow day by day. With Ajax, Flash, and the
other technologies, the Web is closer than ever to becoming a viable
default platform for application development.

You can see more on the web page of Mr. Jesse James Garrett, who is
the godparent of Ajax.

http://www.adaptivepath.com/publications/essays/archives/000385.php
12:11 AM