Hands on OPENSSL programming APIs

This section demonstrates the implementation of a simple SSL client and server program using OpenSSL APIs.

Although SSL client and server programs might differ in their setup and configuration, their common internal procedures can be summarized in Figure 4-8 " Overview of SSL Application with OpenSSL APIs". These procedures are discussed in the following sections.

Figure 4-8  Overview of SSL Application with OpenSSL APIs

Initializing the SSL Library

Before you can call any other OpenSSL APIs in the SSL application programs, you must perform initialization using the following SSL APIs.

SSL_library_init(); /* load encryption & hash algorithms for SSL */
SSL_load_error_strings(); /* load the error strings for good error reporting */

The SSL_library_init() API registers all ciphers and hash algorithms used in SSL APIs. The encryption algorithms loaded with this API are DES-CBC, DES-EDE3-CBC, RC2 and RC4 (IDEA and RC5 are not available in HP SSL for OpenVMS); and the hash algorithms are MD2, MD5, and SHA. TheSSL_library_init() API has a return value that is always 1 (integer).

SSL applications should call theSSL_load_error_strings() API. This API loads error strings for SSL APIs as well as for Crypto APIs. Both SSL and Crypto error strings need to be loaded because many SSL applications call some Crypto APIs as well as SSL APIs.

Creating and Setting Up the SSL Context Structure (SSL_CTX)

The first step after the intialization is to choose an SSL/TLS protocol version. Do this by creating anSSL_METHOD structure with one of the following APIs. The SSL_METHOD structure is then used to create anSSL_CTX structure with the SSL_CTX_new() API.

For every SSL/TLS version, there are three types of APIs to create an SSL_METHOD structure: one for both client and server, one for server only, and one for client only. SSLv2, SSLv3, and TLSv1 APIs correspond with the same name protocols. Table 4-2 " Types of APIs for SSL_METHOD Creation" shows the types of APIs.

Table 4-2  Types of APIs for SSL_METHOD Creation

Protocol typeFor combined client and serverFor a dedicated serverFor a dedicated clientSSLv2SSLv2_method()SSLv2_server_ method()SSLv2_client_ method()SSLv3SSLv3_method()SSLv3_server_ method()SSLv3_client_ method()TLSv1TLSv1_method()TLSv1_server_ method()TLSv1_client_ method()SSLv23SSLv23_method()SSLv23_server_ method()SSLv23_client_ method()

 NOTE: There is no SSL protocol version named SSLv23. The SSLv23_method() API and its variants choose SSLv2, SSLv3, or TLSv1 for compatibility with the peer.

Consider the incompatibility among the SSL/TLS versions when you develop SSL client/server applications. For example, a TLSv1 server cannot understand a client-hello message from an SSLv2 or SSLv3 client. The SSLv2 client/server recognizes messages from only an SSLv2 peer. TheSSLv23_method() API and its variants may be used when the compatibility with the peer is important. An SSL server with the SSLv23 method can understand any of the SSLv2, SSLv3, and TLSv1 hello messages. However, the SSL client using the SSLv23 method cannot establish connection with the SSL server with the SSLv3/TLSv1 method because SSLv2 hello message is sent by the client.

The SSL_CTX_new() API takes the SSL_METHODstructure as an argument and creates an SSL_CTXstructure.

In the following example, an SSL_METHOD structure that can be used for either an SSLv3 client or SSLv3 server is created and passed to SSL_CTX_new(). TheSSL_CTX structure is initialized for SSLv3 client and server.

meth = SSLv3_method();
ctx = SSL_CTX_new(meth);

Setting Up the Certificate and Key

"Certificates for SSL Applications" discussed how the SSL client and server programs require you to set up appropriate certificates. This setup is done by loading the certificates and keys into the SSL_CTX or SSL structures. The mandatory and optional certificates are as follows:

For the SSL server:

Server's own certificate (mandatory)CA certificate (optional)

For the SSL client:

CA certificate (mandatory)Client's own certificate (optional)

=

Loading a Certificate (Client/Server Certificate)

Use the SSL_CTX_use_certificate_file() API to load a certificate into an SSL_CTX structure. Use theSSL_use_certificate_file() API to load a certificate into an SSL structure. When the SSLstructure is created, the SSL structure automatically loads the same certificate that is contained in theSSL_CTX structure. Therefore, you onlyneed to call theSSL_use_certificate_file() API for the SSLstructure only if it needs to load a different certificate than the default certificate contained in the SSL_CTXstructure.

Loading a Private Key

The next step is to set a private key that corresponds to the server or client certificate. In the SSL handshake, a certificate (which contains the public key) is transmitted to allow the peer to use it for encryption. The encrypted message sent from the peer can be decrypted only using the private key. You must preload the private key that was created with the public key into the SSLstructure.

The following APIs load a private key into an SSL orSSL_CTX structure:

SSL_CTX_use_PrivateKey()

SSL_CTX_use_PrivateKey_ASN1()

SSL_CTX_use_PrivateKey_file()

SSL_CTX_use_RSAPrivateKey()

SSL_CTX_use_RSAPrivateKey_ASN1()

SSL_CTX_use_RSAPrivateKey_file()

SSL_use_PrivateKey()

SSL_use_PrivateKey_ASN1()

SSL_use_PrivateKey_file()

SSL_use_RSAPrivateKey()

SSL_use_RSAPrivateKey_ASN1()

SSL_use_RSAPrivateKey_file()

Loading a CA Certificate

To verify a certificate, you must first load a CA certificate (because the peer certificate is verified against a CA certificate). TheSSL_CTX_load_verify_locations() API loads a CA certificate into the SSL_CTX structure.

The prototype of this API is as follows:

int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath);

The first argument, ctx, points to an SSL_CTX structure into which the CA certificate is loaded. The second and third arguments, CAfile and CApath, are used to specify the location of the CA certificate. When looking up CA certificates, the OpenSSL library first searches the certificates in CAfile, then those in CApath.

The following rules apply to the CAfile and CApatharguments:

If the certificate is specified by CAfile (the certificate must exist in the same directory as the SSL application), specify NULL for CApath.

To use the third argument, CApath, specify NULL for CAfile. You must also hash the CA certificates in the directory specified by CApath. Use the Certificate Tool (described in Chapter 3) to perform the hashing operation.

Setting Up Peer Certificate Verification

The CA certificate loaded in the SSL_CTX structure is used for peer certificate verification. For example, peer certificate verification on the SSL client is performed by checking the relationships between the CA certificate (loaded in the SSL client) and the server certificate.

For successful verification, the peer certificate must be signed with the CA certificate directly or indirectly (a proper certificate chain exists). The certificate chain length from the CA certificate to the peer certificate can be set in the verify_depth field of the SSL_CTXandSSL structures. (The value in SSL is inherited fromSSL_CTX when you create an SSL structure using theSSL_new() API). Setting verify_depth to 1 means that the peer certificate must be directly signed by the CA certificate.

The SSL_CTX_set_verify() API allows you to set the verification flags in the SSL_CTX structure and a callback function for customized verification as its third argument. (Setting NULL to the callback function means the built-in default verification function is used.) In the second argument of SSL_CTX_set_verify(), you can set the following macros:

SSL_VERIFY_NONE

ì

SSL_VERIFY_PEER

SSL_VERIFY_FAIL_IF_NO_PEER_CERT

SSL_VERIFY_CLIENT_ONCE

The SSL_VERIFY_PEER macro can be used on both SSL client and server to enable the verification. However, the subsequent behaviors depend on whether the macro is set on a client or a server. For example:

/* Set a callback function (verify_callback) for peer certificate */
/* verification */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
/* Set the verification depth to 1 */
SSL_CTX_set_verify_depth(ctx,1);

You can verify a peer certificate in another, less common way - by using theSSL_get_verify_result() API. This method allows you to obtain the peer certificate verification result without using the SSL_CTX_set_verify() API.

Call the following two APIs before you call theSSL_get_verify_result() API:

Call SSL_connect() (in the client) or SSL_accept() (in the server) to perform the SSL handshake. Certificate verification is performed during the handshake. SSL_get_verify_result() cannot obtain the result before the verification process.

Call SSL_get_peer_certificate() to explicitly obtain the peer certificate. The X509_V_OK macro value is returned when a peer certificate is not presented as well as when the verification succeeds.

The following code shows how to useSSL_get_verify_result() in the SSL client:

SSL_CTX_set_verify_depth(ctx, 1);
err = SSL_connect(ssl);
if(SSL_get_peer_certificate(ssl) != NULL)
{
if(SSL_get_verify_result(ssl) == X509_V_OK) BIO_printf(bio_c_out, "client verification with SSL_get_verify_result()
succeeded.\n");
else{

BIO_printf(bio_err, "client verification with SSL_get_verify_result()
failed.\n");

exit(1);
}
}
else
BIO_printf(bio_c_out, -the peer certificate was not presented.\n-);

Example 1: Setting Up Certificates for the SSL Server

The SSL protocol requires that the server set its own certificate and key. If you want the server to conduct client authentication with the client certificate, the server must load a CA certificate so that it can verify the client-s certificate.

The following example shows how to set up certificates for the SSL server:

/* Load server certificate into the SSL context */
if (SSL_CTX_use_certificate_file(ctx, SERVER_CERT,
SSL_FILETYPE_PEM) <= 0) } ERR_print_errors(bio_err); /* ==
ERR_print_errors_fp(stderr); */
exit(1);
}

/* Load the server private-key into the SSL context */
if (SSL_CTX_use_PrivateKey_file(ctx, SERVER_KEY,
SSL_FILETYPE_PEM) <= 0) { ERR_print_errors(bio_err); /* ==
ERR_print_errors_fp(stderr); */
exit(1);
}

/* Load trusted CA. */
if (!SSL_CTX_load_verify_locations(ctx,CA_CERT,NULL)) {
ERR_print_errors(bio_err); /* ==
ERR_print_errors_fp(stderr); */
exit(1);
}

/* Set to require peer (client) certificate verification */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
/* Set the verification depth to 1 */
SSL_CTX_set_verify_depth(ctx,1);

Example 2: Setting Up Certificates for the SSL Client

Generally, the SSL client verifies the server certificate in the process of the SSL handshake. This verification requires the SSL client to set up its trusting CA certificate. The server certificate must be signed with the CA certificate loaded in the SSL client in order for the server certificate verification to succeed.

The following example shows how to set up certificates for the SSL client:

/*----- Load a client certificate into the SSL_CTX structure -----*/
if(SSL_CTX_use_certificate_file(ctx,CLIENT_CERT,
SSL_FILETYPE_PEM) <= 0){
ERR_print_errors_fp(stderr);
exit(1);
}

/*----- Load a private-key into the SSL_CTX structure -----*/
if(SSL_CTX_use_PrivateKey_file(ctx,CLIENT_KEY,
SSL_FILETYPE_PEM) <= 0){
ERR_print_errors_fp(stderr);
exit(1);
}

/* Load trusted CA. */
if (!SSL_CTX_load_verify_locations(ctx,CA_CERT,NULL)) {
ERR_print_errors_fp(stderr);
exit(1);
}

Creating and Setting Up the SSL Structure

Call SSL_new() to create an SSL structure. Information for an SSL connection is stored in the SSL structure. The protocol for the SSL_new() API is as follows:

ssl = SSL_new(ctx);

A newly created SSL structure inherits information from the SSL_CTX structure. This information includes types of connection methods, options, verification settings, and timeout settings. No additional settings are required for the SSL structure if the appropriate initialization and configuration have been done for theSSL_CTX structure.

You can modify the default values in the SSL structure using SSL APIs. To do this, use variants of the APIs that set attributes of the SSL_CTX structure. For example, you can use SSL_CTX_use_certificate() to load a certificate into an SSL_CTX structure, and you can useSSL_use_certificate() to load a certificate into anSSL structure.

Setting Up the TCP/IP Connection

Although SSL works with some other reliable protocols, TCP/IP is the most common transport protocol used with SSL.

The following sections describe how to set up TCP/IP for the SSL APIs. This configuration is the same as in many other TCP/IP client/server application programs; it is not specific to SSL API applications. In these sections, TCP/IP is set up with the ordinary socket APIs, although it is also possible to use OpenVMS system services.

Creating and Setting Up the Listening Socket (on the SSL Server)

The SSL server needs two sockets as an ordinary TCP/IP server—one for the SSL connection, the other for detecting an incoming connection request from the SSL client.

In the following code, the socket() function creates a listening socket. After the address and port are assigned to the listening socket with bind(), thelisten() function allows the listening socket to handle an incoming TCP/IP connection request from the client.

listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
CHK_ERR(listen_sock, "socket");

memset(&sa_serv, 0, sizeof(sa_serv));
sa_serv.sin_family = AF_INET;
sa_serv.sin_addr.s_addr = INADDR_ANY;
sa_serv.sin_port = htons(s_port); /* Server Port number */

err = bind(listen_sock, (struct sockaddr*)&sa_serv,sizeof(sa_serv));
CHK_ERR(err, "bind");

/* Receive a TCP connection. */
err = listen(listen_sock, 5);
CHK_ERR(err, "listen");

Creating and Setting Up the Socket (on the SSL Client)

On the client, you must create a TCP/IP socket and attempt to connect to the server with this socket. To establish a connection to the specified server, the TCP/IP connect() function is used. If the function succeeds, the socket passed to the connect() function as a first argument can be used for data communication over the connection.

sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
CHK_ERR(sock, "socket"); memset (&server_addr, '\0', sizeof(server_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(s_port); /* Server Port number */
server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */

err = connect(sock, (struct sockaddr*) &server_addr, sizeof(server_addr));
CHK_ERR(err, "connect");

Establishing a TCP/IP Connection (on the SSL Server)

To accept an incoming connection request and to establish a TCP/IP connection, the SSL server needs to call the accept() function. The socket created with this function is used for the data communication between the SSL client and server. For example:

sock = accept(listen_sock, (struct sockaddr*)&sa_cli, &client_len);
BIO_printf(bio_c_out, "Connection from %lx, port %x\n",
sa_cli.sin_addr.s_addr, sa_cli.sin_port);c

Setting Up the Socket/Socket BIO in the SSL Structure

After you create the SSL structure and the TCP/IP socket (sock), you must configure them so that SSL data communication with the SSL structure can be performed automatically through the socket.

The following code fragments show the various ways to assign sock to ssl. The simplest way is to set the socket directly into the SSL structure, as follows:

SSL_set_fd(ssl, sock);

A better way is to use a BIO structure, which is the I/O abstraction provided by OpenSSL. This way is preferable because BIO hides details of an underlying I/O. As long as a BIO structure is set up properly, you can establish SSL connections over any I/O.

The following two examples demonstrate how to create a socket BIO and set it into the SSL structure.

sbio=BIO_new(BIO_s_socket());
BIO_set_fd(sbio, sock, BIO_NOCLOSE);
SSL_set_bio(ssl, sbio, sbio);

In the following example, the BIO_new_socket() API creates a socket BIO in which the TCP/IP socket is assigned, and the SSL_set_bio() API assigns the socket BIO into the SSL structure. The following two lines of code are equivalent to the preceding three lines:

sbio = BIO_new_socket(socket, BIO_NOCLOSE);
SSL_set_bio(ssl, sbio, sbio);NOTE: If there is already a BIO connected to ssl, BIO_free() is called (for both the reading and writing side, if different).

SSL Handshake

The SSL handshake is a complicated process that involves significant cryptographic key exchanges. However, the handshake can be completed by callingSSL_accept() on the SSL server and SSL_connect() on the SSL client.

SSL Handshake on the SSL Server

The SSL_accept() API waits for an SSL handshake initiation from the SSL client. Successful completion of this API means that the SSL handshake has been completed.

err = SSL_accept(ssl);

SSL Handshake on the SSL Client

The SSL client calls the SSL_connect() API to initiate an SSL handshake. If this API returns a value of 1, the handshake has completed successfully. The data can now be transmitted securely over this connection.

err = SSL_connect(ssl);

Performing an SSL Handshake with SSL_read and SSL_write (Optional)

Optionally, you can call SSL_write() and SSL_read() to complete the SSL handshake as well as perform SSL data exchange. With this approach, you must callSSL_set_accept_state() before you callSSL_read() on the SSL server. You must also callSSL_set_connect_state()before you callSSL_write() on the client. For example:

/* When SSL_accept() is not called, SSL_set_accept_state() */
/* must be called prior to SSL_read() */
SSL_set_accept_state(ssl);

/* When SSL_connect() is not called, SSL_set_connect_state() */
/* must be called prior to X SSL_write() */
SSL_set_connect_state(ssl);

Obtaining a Peer Certificate (Optional)

Optionally, after the SSL handshake, you can obtain a peer certificate by callingSSL_get_peer_certificate(). This API is often used for straight certificate verification, such as checking certificate information (for example, the common name and expiration date).

peer_cert = SSL_get_peer_certificate(ssl);

Transmitting SSL Data

After the SSL handshake is completed, data can be transmitted securely over the established SSL connection. SSL_write() and SSL_read() are used for SSL data transmission, just as write() and read() orsend() and recv() are used for an ordinary TCP/IP connection.

Sending Data

To send data over the SSL connection, callSSL_write(). The data to be sent is stored in the buffer specified as a second argument. For example:

err = SSL_write(ssl, wbuf, strlen(wbuf));

Receiving Data

To read data sent from the peer over the SSL connection, call SSL_read(). The received data is stored in the buffer specified as a second argument. For example:

err = SSL_read(ssl, rbuf, sizeof(rbuf)-1);

Using BIOs for SSL Data Transmission (Optional)

Instead of using SSL_write() and SSL_read(), you can transmit data by calling BIO_puts() andBIO_gets(), and BIO_write() and BIO_read(), provided that a buffer BIO is created and set up as follows:

BIO *buf_io, *ssl_bio;
char rbuf[READBUF_SIZE];
char wbuf[WRITEBUF_SIZE]

buf_io = BIO_new(BIO_f_buffer()); /* create a buffer BIO */
ssl_bio = BIO_new(BIO_f_ssl()); /* create an ssl BIO */
BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); /* assign the ssl BIO to SSL */
BIO_push(buf_io, ssl_bio); /* add ssl_bio to buf_io */

ret = BIO_puts(buf_io, wbuf);
/* Write contents of wbuf[] into buf_io */
ret = BIO_write(buf_io, wbuf, wlen);
/* Write wlen-byte contents of wbuf[] into buf_io */

ret = BIO_gets(buf_io, rbuf, READBUF_SIZE);
/* Read data from buf_io and store in rbuf[] */
ret = BIO_read(buf_io, rbuf, rlen);
/* Read rlen-byte data from buf_io and store rbuf[] */

Closing an SSL Connection

When you close an SSL connection, the SSL client and server send close_notify messages to notify each other of the SSL closure. You use the SSL_shutdown() API to send the close_notify alert to the peer.

The shutdown procedure consists of two steps:

Sending a close_notify shutdown alert

Receiving a close_notify shutdown alert from the peer

The following rules apply to closing an SSL connection:

Either party can initiate a close by sending aclose_notify alert.

Any data received after sending a closure alert is ignored.

Each party is required to send a close_notifyalert before closing the write side of the connection.

The other party is required both to respond with aclose_notify alert of its own and to close down the connection immediately, discarding any pending writes.

The initiator of the close is not required to wait for the responding close_notify alert before closing the read side of the connection.

The SSL client or server that initiates the SSL closure calls SSL_shutdown() either once or twice. If it calls the API twice, one call sends the close_notify alert and one call receives the response from the peer. If the initator calls the API only once, the initiator does not receive the close_notify alert from the peer. (The initiator is not required to wait for the responding alert.)

The peer that receives the alert calls SSL_shutdown() once to send the alert to the initiating party.

Resuming an SSL Connection

You can reuse the information from an already established SSL session to create a new SSL connection. Because the new SSL connection is reusing the same master secret, the SSL handshake can be performed more quickly. As a result, SSL session resumption can reduce the load of a server that is accepting many SSL connections.

Perform the following steps to resume an SSL session on the SSL client:

Start the first SSL connection. This also creates an SSL session.

ret = SSL_connect(ssl)
(Use SSL_read() / SSL_write() for data communication
over the SSL connection)

Save the SSL session information.

sess = SSL_get1_session(ssl);
/* sess is an SSL_SESSION, and ssl is an SSL */

Shut down the first SSL connection.

SSL_shutdown(ssl);

Create a new SSL structure.

ssl = SSL_new(ctx);

Set the SSL session to a new SSL session before calling SSL_connect().

SSL_set_session(ssl, sess);
err = SSL_connect(ssl);

Start the second SSL connection with resumption of the session.

ret = SSL_connect(ssl)
(Use SSL_read() / SSL_write() for data communication
over the SSL connection)

If the SSL client calls SSL_get1_session() andSSL_set_session(), the SSL server can accept a new SSL connection using the same session without calling special APIs to resume the session. The server does this by following the steps discussed in "Creating and Setting Up the SSL Structure ", "Setting Up the TCP/IP Connection", "Setting Up the Socket/Socket BIO in the SSL Structure", "SSL Handshake", and "Transmitting SSL Data".

NOTE: Calling SSL_free() results in the failure of the SSL session to resume, even if you saved the SSL session with SSL_get1_session().

Renegotiating the SSL Handshake

SSL renegotiation is a new SSL handshake over an already established SSL connection. Because the renegotiation messages (including types of ciphers and encryption keys) are encrypted and then sent over the existing SSL connection, SSL renegotiation can establish another SSL session securely. SSL renegotiation is useful in the following situations, once you have established an ordinary SSL session:

When you require client authentication

When you are using a different set of encryption and decryption keys

When you are using a different set of encryption and hashing algorithms

SSL renegotiation can be initiated by either the SSL client or the SSL server. Initiating an SSL renegotiation on the client requires a different set of APIs (on both the initiating SSL client and the accepting server) from the APIs required for the initiation on the SSL server (in this case, on the initiating SSL server and the accepting SSL client).

Programming languages -Innovation in cutting edge cone

Experimental programming language No. 1: Dart

JavaScript is fine for adding basic interactivity to Web pages, but when your Web applications swell to thousands of lines of code, its weaknesses quickly become apparent. That's why Google created Dart, a language it hopes will become the new vernacular of Web programming.

Like JavaScript, Dart uses C-like syntax and keywords. One significant difference, however, is that while JavaScript is a prototype-based language, objects in Dart are defined using classes and interfaces, as in C++ or Java. Dart also allows programmers to optionally declare variables with static types. The idea is that Dart should be as familiar, dynamic, and fluid as JavaScript, yet allow developers to write code that is faster, easier to maintain, and less susceptible to subtle bugs.

You can't do much with Dart today. It's designed to run on either the client or the server (a la Node.js), but the only way to run client-side Dart code so far is to cross-compile it to JavaScript. Even then it doesn't work with every browser. But because Dart is released under a BSD-style open source license, any vendor that buys Google's vision is free to build the language into its products. Google only has an entire industry to convince.
Experimental programming language No. 2: Ceylon

Gavin King denies that Ceylon, the language he's developing at Red Hat, is meant to be a "Java killer." King is best known as the creator of the Hibernate object-relational mapping framework for Java. He likes Java, but he thinks it leaves lots of room for improvement.

Among King's gripes are Java's verbose syntax, its lack of first-class and higher-order functions, and its poor support for meta-programming. In particular, he's frustrated with the absence of a declarative syntax for structured data definition, which he says leaves Java "joined at the hip to XML." Ceylon aims to solve all these problems.
Experimental programming language No. 3: Go

Interpreters, virtual machines, and managed code are all the rage these days. Do we really need another old-fashioned language that compiles to native binaries? A team of Google engineers -- led by Robert Griesemer and Bell Labs legends Ken Thompson and Rob Pike -- says yes.

Go is a general-purpose programming language suitable for everything from application development to systems programing. In that sense, it's more like C or C++ than Java or C#. But like the latter languages, Go includes modern features such as garbage collection, runtime reflection, and support for concurrency.

Equally important, Go is meant to be easy to program in. Its basic syntax is C-like, but it eliminates redundant syntax and boilerplate while streamlining operations such as object definition. The Go team's goal was to create a language that's as pleasant to code in as a dynamic scripting language yet offers the power of a compiled language.
Experimental programming language No. 4: F#

Functional programming has long been popular with computer scientists and academia, but pure functional languages like Lisp and Haskell are often considered unworkable for real-world software development. One common complaint is that functional-style code can be difficult to integrate with code and libraries written in imperative languages like C++ and Java.

Enter F# (pronounced "F-sharp"), a Microsoft language designed to be both functional and practical. Because F# is a first-class language on the .Net Common Language Runtime (CLR), it can access all of the same libraries and features as other CLR languages, such as C# and Visual Basic.
Experimental programming language No. 5: Opa

Web development is too complicated. Even the simplest Web app requires countless lines of code in multiple languages: HTML and JavaScript on the client, Java or PHP on the server, SQL in the database, and so on.
Experimental programming language No. 6: Fantom

Should you develop your applications for Java or .Net? If you code in Fantom, you can take your pick and even switch platforms midstream. That's because Fantom is designed from the ground up for cross-platform portability. The Fantom project includes not just a compiler that can output bytecode for either the JVM or the .Net CLI, but also a set of APIs that abstract away the Java and .Net APIs, creating an additional portability layer.

There are plans to extend Fantom's portability even further. A Fantom-to-JavaScript compiler is already available, and future targets might include the LLVM compiler project, the Parrot VM, and Objective-C for iOS.

Web 3.0- Future Trend

Overview

The Web is entering a new phase of evolution. There has been much debate recently about what to call this new phase. Some would prefer to not name it all, while others suggest continuing to call it "Web 2.0". However, this new phase of evolution has quite a different focus from what Web 2.0 has come to mean.
 

 
 

Web 3.0

John Markoff of the New York Timesrecently suggested naming this third-generation of the Web, "Web 3.0". This suggestion has led to quite a bit of debate within the industry. Those who are attached to the Web 2.0 moniker have reacted by claiming that such a term is not warranted while others have responded positively to the term, noting that there is indeed a characteristic difference between the coming new stage of the Web and what Web 2.0 has come to represent.
 
The term Web 2.0 was never clearly defined and even today if one asks ten people what it means one will likely get ten different definitions. However, most people in the Web industry would agree that Web 2.0 focuses on several major themes, including AJAX, social networking,folksonomies, lightweight collaboration, social bookmarking, and media sharing. While the innovations and practices of Web 2.0 will continue to develop, they are not the final step in the evolution of the Web.
 
In fact, there is a lot more in store for the Web. We are starting to witness the convergence of several growing technology trends that are outside the scope of what Web 2.0 has come to mean. These trends have been gestating for a decade and will soon reach a tipping point. At this juncture the third-generation of the Web will start.
 
 

More Intelligent Web

 The threshold to the third-generation Web will be crossed in 2007. At this juncture the focus of innovation will start shift back from front-end improvements towards back-end infrastructure level upgrades to the Web. This cycle will continue for five to ten years, and will result in making the Web more connected, more open, and more intelligent. It will transform the Web from a network of separately siloed applications and content repositories to a more seamless and interoperable whole.
 
Because the focus of the third-generation Web is quite different from that of Web 2.0, this new generation of the Web probably does deserve its own name. In keeping with the naming convention established by labeling the second generation of the Web as Web 2.0, I agree with John Markoff that this third-generation of the Web could be called Web 3.0.
 
 

Timeline and Definition

Web 1.0. Web 1.0 was the first generation of the Web. During this phase the focus was primarily on building the Web, making it accessible, and commercializing it for the first time. Key areas of interest centered on protocols such as HTTP, open standard markup languages such as HTML and XML, Internet access through ISPs, the first Web browsers, Web development platforms and tools, Web-centric software languages such as Java and Javascript, the creation of Web sites, the commercialization of the Web and Web business models, and the growth of key portals on the Web.
 
Web 2.0. According to the Wikipedia, "Web 2.0, a phrase coined by O'Reilly Media in 2004, refers to a supposed second generation of Internet-based services — such as social networking sites, wikis, communication tools, and folksonomies — that emphasize online collaboration and sharing among users."
 
I would also add to this definition another trend that has been a major factor in Web 2.0 — the emergence of the mobile Internet and mobile devices (including camera phones) as a major new platform driving the adoption and growth of the Web, particularly outside of the United States.
 
Web 3.0. Using the same pattern as the above Wikipedia definition, Web 3.0 could be defined as: "Web 3.0, a phrase coined by John Markoff of the New York Times in 2006, refers to a supposed third generation of Internet-based services that collectively comprise what might be called 'the intelligent Web' — such as those using semantic web, microformats, natural language search, data-mining, machine learning, recommendation agents, and artificial intelligence technologies — which emphasize machine-facilitated understanding of information in order to provide a more productive and intuitive user experience."
 
Web 3.0 Expanded Definition. I propose expanding the above definition of Web 3.0 to be a bit more inclusive. There are actually several major technology trends that are about to reach a new level of maturity at the same time. The simultaneous maturity of these trends is mutually reinforcing, and collectively they will drive the third-generation Web. From this broader perspective, Web 3.0 might be defined as a third-generation of the Web enabled by the convergence of several key emerging technology trends:
 
Ubiquitous Connectivity
Broadband adoptionMobile Internet accessMobile devicesNetwork Computing
Software-as-a-service business modelsWeb services interoperabilityDistributed computing (P2P, grid computing, hosted "cloud computing" server farms such as Amazon S3)Open Technologies
Open APIs and protocolsOpen data formatsOpen-source software platformsOpen data (Creative Commons, Open Data License, etc.)Open Identity
Open identity (OpenID)Open reputationPortable identity and personal data (for example, the ability to port your user account and search history from one service to another)The Intelligent Web
Semantic Web technologies (RDF, OWL,SWRL, SPARQL, Semantic application platforms, and statement-based datastores such as triplestores,tuplestores and associative databases)Distributed databases — or what I call "The World Wide Database" (wide-area distributed database interoperability enabled by Semantic Web technologies)Intelligent applications (natural language processing, machine learning, machine reasoning, autonomous agents)

Web 2.0

Web 2.0 ?!

I'm using the term "Web 2.0 design" to describe the prevailing style of the best web design

Many people use the term "Web 2.0″ to describe:

a resurgence in the web economya new level of technological interactivity between web sites and servicesor social phenomena deriving from new types of online communities and social networks

Many others also use the term in reference to a recent school of best-practice web design. I'm comfortable with using it in that context here.

In sociological terms, movements impact people on many levels: economic, cultural, political, etc. Is skate-punk about entertainment and sport, music and the music industry, fashion, or the breakdown of society?

Best Web Design Features

I'm going to take you through the features of the current wave of the best website designs, dissect the most significant features, explain why each one can be good, and show you how to use them in your own sites.

If I had to sum up "Web 2.0″ design in one word, it would have to be "simplicity", so that's where we'll start.

I'm a great believer in simplicity. I think it's the way forward for web design.

Today's simple, bold, elegant page designs deliver more with less:

They enable designers to shoot straight for the site's goals, by guiding the site visitor's eye through the use of fewer, well-chosen visual elements.They use fewer words but say more, and carefully selected imagery to create the desired feel.They reject the idea that we can't guess what people want from our sites

1. Simplicity

"Use as few features as are necessary to achieve what you need to achieve"

Web design is simpler than ever, and that's a good thing.

2.0 design means focused, clean and simple.

That doesn't necessarily mean minimalist, as I'll explain later.

I really believe in simplicity. That's not to say that all websites should be minimal, but that we should use as few features as are necessary to achieve what you need to achieve.

Here are some examples. Note how unnecessary elements have been stripped out from each. There could be a lot more on each page than there is… but would that make them stronger?

The result is that you have to look at the content. You find yourself interacting with exactly the screen features the designer intended. And you don't mind – it's easy, and you get just what you came for.

Here's a great case in point. Atlas Software help businesses with cloud software solutions. Their website tells you exactly what you need to know, with very little decoration or unnecessary visual information. The content comes through.

More examples of simple design

 

Configuring DNS part2

Name Servers

Name Servers specify all name servers for a particular domain. You set up all primary and secondary name servers through this record.

To create a Name Server, follow these steps:

Select DNS from the Administrative Tools folder to open the DNS console.Expand the Forward Lookup Zone.Right-click on the appropriate domain and choose Properties (Figure N).Select the Name Servers tab and click Add.Enter the appropriate FQDN Server name and IP address of the DNS server you want to add.

Figure N

Name Server

Host (A) records

A Host (A) record maps a host name to an IP address. These records help you easily identify another server in a forward lookup zone. Host records improve query performance in multiple-zone environments, and you can also create a Pointer (PTR) record at the same time. A PTR record resolves an IP address to a host name.

To create a Host record:

Select DNS from the Administrative Tools folder to open the DNS console.Expand the Forward Lookup Zone and click on the folder representing your domain.From the Action menu, select New Host.Enter the Name and IP Address of the host you are creating (Figure O).Select the Create Associated Pointer (PTR) Record check box if you want to create the PTR record at the same time. Otherwise, you can create it later.Click the Add Host button.

Figure O

A Host (A) record

Pointer (PTR) records

A Pointer (PTR) record creates the appropriate entry in the reverse lookup zone for reverse queries. As you saw in Figure H, you have the option of creating a PTR record when creating a Host record. If you did not choose to create your PTR record at that time, you can do it at any point.

To create a PTR record:

Select DNS from the Administrative Tools folder to open the DNS console.Choose the reverse lookup zone where you want your PTR record created.From the Action menu, select New Pointer (Figure P).Enter the Host IP Number and Host Name.Click OK.

Figure P

New Pointer

Canonical Name (CNAME) or Alias records

A Canonical Name (CNAME) or Alias record allows a DNS server to have multiple names for a single host. For example, an Alias record can have several records that point to a single server in your environment. This is a common approach if you have both your Web server and your mail server running on the same machine.

To create a DNS Alias:

Select DNS from the Administrative Tools folder to open the DNS console.Expand the Forward Lookup Zone and highlight the folder representing your domain.From the Action menu, select New Alias.Enter your Alias Name (Figure Q).Enter the fully qualified domain name (FQDN).Click OK.

Figure Q

Alias Name

Mail Exchange (MX) records

Mail Exchange records help you identify mail servers within a zone in your DNS database. With this feature, you can prioritize which mail servers will receive the highest priority. Creating MX records will help you keep track of the location of all of your mail servers.

To create a Mail Exchange (MX) record:

Select DNS from the Administrative Tools folder to open the DNS console.Expand the Forward Lookup Zone and highlight the folder representing your domain.From the Action menu, select New Mail Exchanger.Enter the Host Or Domain (Figure R).Enter the Mail Server and Mail Server Priority.Click OK.

Figure R

Host or Domain

Other new records

You can create many other types of records. For a complete description, choose Action | Other New Records from the DNS console (Figure S). Select the record of your choice and view the description.

Figure S

Create records from the DNS console

Troubleshooting DNS servers

When troubleshooting DNS servers, the nslookuputility will become your best friend. This utility is easy to use and very versatile. It's a command-line utility that is included within Windows 2008. With nslookup, you can perform query testing of your DNS servers. This information is useful in troubleshooting name resolution problems and debugging other server-related problems. You can access nslookup (Figure T) right from the DNS console.

Figure T

Configuring DNS

Without DNS, computers would have a very tough time communicating with each other. However, most Windows administrators still rely on WINS for name resolution on local area networks and some have little or no experience with DNS. Steven Warren explains how to install, configure, and troubleshoot a Windows Server 2008 DNS server.

As many of you are probably aware, the Domain Name System (DNS) is now the name resolution system of choice in Windows. Without it, computers would have a very tough time communicating with each other. However, most Windows administrators still rely on the Windows Internet Name Service (WINS) for name resolution on local area networks and some have little or no experience with DNS. If you fall into this category, read on. We'll explain how to install, configure, and troubleshoot a Windows Server 2008 DN
Installtion

You can install a DNS server from the Control Panel or when promoting a member server to a domain controller (DC) (Figure A). During the promotion, if a DNS server is not found, you will have the option of installing it.

Figure A

Domain controller

To install a DNS server from the Control Panel, follow these steps:

From the Start menu, select | Control Panel | Administrative Tools | Server Manager.Expand and click Roles (Figure B).Choose Add Roles and follow the wizard by selecting the DNS role (Figure C).Click Install to install DNS in Windows Server 2008 (Figure D).

Figure B

Expand and click Roles

Figure C

DNS role

Figure D

Install DNS

DNS console and configuration

After installing DNS, you can find the DNS console from Start | All Programs | Administrative Tools | DNS. Windows 2008 provides a wizard to help configure DNS.

When configuring your DNS server, you must be familiar with the following concepts:

Forward lookup zoneReverse lookup zoneZone types

A forward lookup zone is simply a way to resolve host names to IP addresses. A reverse lookup zone allows a DNS server to discover the DNS name of the host. Basically, it is the exact opposite of a forward lookup zone. A reverse lookup zone is not required, but it is easy to configure and will allow for your Windows Server 2008 Server to have full DNS functionality.

When selecting a DNS zone type, you have the following options: Active Directory (AD) Integrated, Standard Primary, and Standard Secondary. AD Integrated stores the database information in AD and allows for secure updates to the database file. This option will appear only if AD is configured. If it is configured and you select this option, AD will store and replicate your zone files.

A Standard Primary zone stores the database in a text file. This text file can be shared with other DNS servers that store their information in a text file. Finally, a Standard Secondary zone simply creates a copy of the existing database from another DNS server. This is primarily used for load balancing.

To open the DNS server configuration tool:

Select DNS from the Administrative Tools folder to open the DNS console.Highlight your computer name and choose Action | Configure a DNS Server... to launch the Configure DNS Server Wizard.Click Next and choose to configure the following: forward lookup zone, forward and reverse lookup zone, root hints only (Figure E).Click Next and then click Yes to create a forward lookup zone (Figure F).Select the appropriate radio button to install the desired Zone Type (Figure G).Click Next and type the name of the zone you are creating.Click Next and then click Yes to create a reverse lookup zone.Repeat Step 5.Choose whether you want an IPv4 or IPv6 Reverse Lookup Zone (Figure H).Click Next and enter the information to identify the reverse lookup zone (Figure I).You can choose to create a new file or use an existing DNS file (Figure J).On the Dynamic Update window, specify how DNS accepts secure, nonsecure, or no dynamic updates.If you need to apply a DNS forwarder, you can apply it on the Forwarders window. (Figure K).Click Finish (Figure L).

Figure E

Configure

Figure F

Forward lookup zone

Figure G

Desired zone

Figure H

IPv4 or IPv6

Figure I

Reverse lookup zone

Figure J

Choose new or existing DNS file

Figure K

Forwarders window

Figure L

Finish

Managing DNS records

You have now installed and configured your first DNS server, and you're ready to add records to the zone(s) you created. There are various types of DNS records available. Many of them you will never use. We'll be looking at these commonly used DNS records:

Start of Authority (SOA)Name ServersHost (A)Pointer (PTR)Canonical Name (CNAME) or AliasMail Exchange (MX)

Start of Authority (SOA) record

The Start of Authority (SOA) resource record is always first in any standard zone. The Start of Authority (SOA) tab allows you to make any adjustments necessary. You can change the primary server that holds the SOA record, and you can change the person responsible for managing the SOA. Finally, one of the most important features of Windows 2000 is that you can change your DNS server configuration without deleting your zones and having to re-create the wheel (Figure M).

Figure M

Updating BIOS on windows

DISCLAIMER:
First of all i want you all to know that updating the BIOS is dangerous and doing it wrong can brick your motherboard so unless the update doesn't help you in anyway don't do it otherwise i will not be responsible for the result.

PROCEDURE:
1: First of all go to the this link here and download speccy.
2: Install it and open it and on the very first page you should see basic details about your computer.
There should be be a motherboard heading with make and model you need to remember the model.
3: Go to the intel site put your motherboard model (remember to double check that you entered and are on the correct motherboard page) and go to the support>drivers>download and then go to the BIOS section and then click on the latest version of bios update.
4: There are gonna be 4 to 3 choices here ISO, BIO, IFLASH2, Express Update. I am going with the .BIO version file here since the other methods didn't work in my motherboard and basically this method should work on every intel motherboard.
5: After you download the file (generally it is a single file) go to this link here and carefully follow the steps to make the bootable USB or thumb drive.
6: After you done following the above guide place the download xxx.BIO file in the usb and then shut down the computer.
7: Unplug the AC power cable and open the chassis or the back cover now there should be small yellow jumper on the motherboard (it is the generally the only small thing on the whole motherboard but ask if you are not sure) make sure you remember how it is connected and then remove it.
8: Connect the USB or thumb drive on the pc and then replug the AC power cable.
9: After the Intel Logo or the splash sceen updating of the bios should automatically begin let it happen.
10: After you receive the successful update prompt let it restart and then turn it off unplug the AC power cable put the jumper back in it's position and then plug the AC power cable and your BIOS should be updated and you should be good to go.

Booting windows 8 in safe mode

Are you struggling to boot intoSafe Mode in Windows 8 or Windows 8.1? Have you tried pressing both F8 and Shift+F8and they don't work? That's because a lot has changed with the boot procedure in Windows 8 and Windows 8.1. The boot has become so fast that it literally cannot be interrupted by any of your keypresses. Here are 5 ways in which you can boot into Safe Mode, that don't involve any special hacks or manual configuration.

Safe Mode in Windows 8 and Windows 8.1

Safe Mode in Windows 8 and Windows 8.1 is not too different from the Safe Modefound in earlier versions of Windows.

The operating system still loads only the most basic drivers and services, so that it can display a minimal useful interface. The only important difference is that the minimum screen resolution used by Safe Mode has risen from 800x600 pixels to 1024x768 pixels.

1. Use the System Configuration Tool (msconfig.exe) - works in Windows 8 & 8.1

The easiest method for booting into Safe Mode is to use the System Configurationtool, also known as msconfig.exe.

Go to the Boot tab and, in the Boot optionssection check the box that says "Safe boot". Then, click or tap OK.

You are informed that you need to restart your computer. Click Restart or Exit without restart depending on whether you want to restart now or later.

At the next restart, Windows 8 and Windows 8.1 start in Safe Mode.

2. Use Shift + Restart - works in Windows 8 & 8.1

Another method is to press the Powerbutton at the Windows login screen or in the Settings charm. Then, press and hold the SHIFT key on your keyboard and clickRestart.

Windows asks you to choose an option. Press Troubleshoot.

In the Troubleshoot screen, pressAdvanced options.

In the Advanced options screen, pressStartup Settings.

You are informed that you are about to restart in order to change several Windows options, including enabling Safe Mode. Press Restart.

Your computer or device restarts again and displays nine startup settings, including Safe Mode, Safe Mode with Networking and Safe Mode with Command Prompt

Press the F4 key on your keyboard, to enable Safe Mode, F5 to enable Safe Mode with Networking and F6 to enable Safe Mode with Command Prompt. Windows 8 and Windows 8.1 now boot according to the setting you selected.

3. Boot from a System Recovery CD/DVD - works only in Windows 8

In Windows 8, but not in Windows 8.1, you can create a system recovery CD or DVD. Here's the tutorial that shows how it is done: How to Create a System Repair Disc for Windows 7 & Windows 8.

Once you have that disc created, boot from it. When asked to press any key to load its content, do so.

First, you are asked to choose your keyboard layout. Press the layout you want to use. If you want to browse through the available options, press "See more keyboard layouts" until you find the one you want to use.

Then, the Choose an option screen is shown.

From here on, the steps are identical to those shown for method 2.

4. Boot from a System Recovery Memory Stick - works in Windows 8 & 8.1

In Windows 8 and Windows 8.1 you can use the Recovery Media Creator to create a system recovery drive on a USB flash Drive. Details instructions can be found in this tutorial: How to Create a Recovery Drive on a USB Memory Stick in Windows 8 & 8.1".

Boot from the USB memory stick and follow the same instructions as in method 3.

5. Use F8 or Shift + F8 (doesn't work when using UEFI BIOS & SSDs)

In Windows 7, you were able to press F8 just before Windows got loaded, to open the Advanced Boot Options window, where you could choose to start Windows 7 inSafe Mode.

Some websites advise you to pressShift+F8, just before Windows 8 or 8.1 starts loading so that you make it start the recovery mode, from where you can boot into Safe Mode. The problem is that, most times, Shift+F8 and F8 don't work, even though they are correct commands, supported by Windows 8 and Windows 8.1.

This official blog post from Microsoft (Designing for PCs that boot faster than ever before) explains that this behavior is caused by their work in designing a very fast boot procedure. Both Windows 8 and Windows 8.1 have the fastest boot times ever.