Sean/Work
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial

Browse Source
This commit is contained in:
Sean Kessler (Europa)
2024-08-07 09:16:27 -04:00
parent fdfadd5c7e
commit 5f971cf684
5200 changed files with 731717 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
docs/ABBOTT.TXT Normal file
View File

@@ -0,0 +1,20 @@
Tuesday July 14, 1998
This morning as I was leaving the house for work I found Abbott on the
front lawn. He was dead. He was not visibly bruised and I could see
no signs that he had been in a fight, except for a trickle of blood on
his front lip. I suppose he might have been hit by a car and managed
to work his way back onto the property where he just layed down and died.
I suppose it might also have been something he ate, though it would have
to be some potent poison for it to kill him in such a short period of
time, I had just seen him the night before. Needless to say, I am
very upset about Abbotts death. Moreso that it comes a year and seven
months after Costello (his brother) passed away. I took that pretty hard
as well. This is the last chapter of my tale of the two kittens that
strolled onto the back deck in the summer months of 1996. I loved them
both and cherished them and I can only hope that they are together in
heaven chasing down mice and romping around. I love you Abbott and I
love you Costello. I will never know where you came from or why you were
both taken so early in life.

BIN
docs/ASCII1.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

BIN
docs/ASCII2.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
docs/BENCHMK.FM3 Normal file
View File

Binary file not shown.

BIN
docs/BENCHMK.WK3 Normal file
View File

Binary file not shown.

BIN
docs/C3T3-2A.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/C3T3-2B.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
docs/C3T3-2C.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/C3T3-2D.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/C3T3-2E.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
docs/C3T3-2F.GIF Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
docs/CALLID.FM3 Normal file
View File

Binary file not shown.

BIN
docs/CALLID.WK3 Normal file
View File

Binary file not shown.

BIN
docs/CALS.FM3 Normal file
View File

Binary file not shown.

BIN
docs/CALS.WK3 Normal file
View File

Binary file not shown.

466
docs/CONTACT.TXT Normal file
View File

@@ -0,0 +1,466 @@
Chris Compoit
First Data
(631)843-6783
3:00 p.m.
Jim Kirk (212)726-6650
Barra 9:00 a.m. Thursday September 14, 2000
Rama Koduru
JAVA/Web Technologies
www.barra.com
posit.com
(516)468-9155
Periphonics
4250 Vets Memorial Highway
Bohemia
peri.com
right elevator to 2nd floor
severo mancebo
H.R.
computer telephony
expertise:
C,C++,JAVA
tech lead, senior software engineer
Glenna
(516)351-1800
Irene Caine personnel
----------------------------------------------------------------------------------------
Alan Yang
631-271-1102 8:00
Arrow
----------------------------------------------------------------------------------------
Goldman Sacks 8:30 32 old slip
20th floor, Jim Barnet 357-8645
and then Valentine Beskin 357-7337
12:00 Osprey Partners 405 Park Ave 53rd 54th
Tirdad Shojari
Patrick Allen
Herb (212)683-8255
Herb (212)686-0762 243
Gail (212)856-4444
gail@astorgroup.com
http://www2.warehouse.com/product.asp?pf%5Fid=SH2912&blind=no&cat=micro
Jim Clifford - Remington (212)682-1300 call Monday morning
-------------------------------------------------------------
Justin McClusky Amalgamod (212)306-0130
---------------------------------------
Alan Bernstein (212)943-4015
--------------------------
216.91.232.125
Richard George (212)953-6066 (Atlantis)
Jim (212)682-1300 (Remington)
Justin (212)306-0130
Brian (212)557-4200
Alex Kelly (212)358-9000 (Lisa Kennedy)
Steve Heller (212)943-6194
Sean 484-8460
Dmitry (212)996-9666
costa morris
(516)671-8285
Roger Bergstein
(212)657-0280 - citibank
Roger.Bergstein@citicorp.com
**************************************************************************
TRACY BATT MITCHEL MARTIN (212)943-6194 x-372
TRACY BATT (212)843-6046
CASTLENET
WWW.THEBEAST.COM GLOBAL FIN FRAMEWORK
JASON KATZ
TUESDAY LUNCH 12:00
1 SEAPORT PLAZA
199 WATER STREET
JOHN AND FULTON 21ST FLOOR
ASK FOR JASON KATZ
CHARLENE FLETCHER
DEVELOPMENT
HAVE MAYBE 5 DEVELOPERS
CARL CARRIE PRESIDENT
C++ DEVELOPMENT
INTERNET BASED STUFF
SOFTWARE ENGINEER
105,000.00
15,000.00 GUARANTEED
VACA 3 WEEKS
LUNCH EVERYDAY
3 WEEKS VACATION
6 SICK
2 PERS
CASUAL
(212)251-0044
**************************************************************************
Name Company Phone/Fax Last
Discussion
============================================================================
Paul Alliegro ph:(516)393-4959
Stephen Kelly ph:(516)228-5000 x3622
Hewlett Packard Tech Support ph:(970)346-8682
Tim Valdner East West ph:(212)888-0005 tvaldner@ewc.co.jp
Lori at the Job (212)655-2000 x3671
doyle@ewc.co.jp
Tim Valdner East West fx:(212)888-1265
Beth Akins Landover Associates ph:(212)759-6400 Lehman Brothers
Beth Akins Landover Associates ph:(212)980-4523 Fax
Lisa Mann Concorde Holdings ph:(212)922-5700 Sigma Imaging (516)933-3055
Lisa Mann Concorde Holdings ph:(212)922-0912 Fax number
Howard Goldsmith Concorde Holdings ph:(212)922-5700
Frank Calasanto Rosato & Associates ph:(212)509-5700 Salomon Brothers
Mike Stevens Future Data ph:(212)421-6789 A.D.P.-- futuredata@aol.com
Mike Stevens Future Data fax ph:(212)421-3890
Eric Walland ph:(212)586-9701
Eric Walland (212)586-1729 FAX
Lisa Kennedy **************** ph:(212)358-9000 Symantec/Citibank/AIG
Lisa Kennedy **************** ph:(212)758-0223 Symantec/Citibank/AIG
Steve Harrison Technology Corp., ph:(212)802-7458 Citibank (L.I. City)
Steve Harrison Beeper Number ph:(917)935-4371 "" ""
Ken Tapp Ken Tapp Assoc., ph:(212)683-8255 Citibank (L.I. City)
Scott Gerson Focus Capital Markets ph:(212)986-3344/70 Micro Modelling
Len Golad Datacom ph:(212)629-5720 Microsoft/Chemical
Rick Murphy CompuSearch ph:(516)364-9290 Fax Resume
Rick Murphy CompuSearch (Fax) ph:(516)364-4478 Fax Resume
Glen Backman Backman Software ph:(201)729-8628 Backman Software
Nancy Shore ph:(908)750-2999
Nancy Shore fax ph:(908)726-0967
John Sullivan Design Strategy ph:(212)370-0000
John Sullivan Design Strategy fax ph:(212)949-3648
Theresa Reinersman ph:(212)513-7777
Theresa Reinersman ph:(212)227-1854 (fax)
Doug Stone ph:(914)471-9700 x313
Jason ph:(212)726-6632 (E-MAIL) jason.staller@ayers.com (ascii)
Jason fax:(212)661-7910
Mark Saturn ph:(212)726-6630
Bonae Barrett ph:(516)826-3588
Pam Fried ph:(516)674-4832
Madeline ph:(516)757-7868
Post Office, East Northport ph:(516)368-5885
Justin Wolffe ph:(800)848-6914
John Byrnes ph:(516)589-3754
Roger Bergstein ph:(212)657-0280 roger.bergstein@citicorp.com
----------------------------------------------------------------------------
Appointments
Company Address Contact Phone Date/Time Agency Disposition
=====================================================================================================================================================
M.U.Z.E 155 6th Ave Suite 1104 Brian Berenbach (212)741-0353 Landover Bad Match
Salomon Bros. 7 World Trade 40th floor Steve Santini (212)783-3758 Wednesday 07/19, 5:30p Rosato & Assoc., Pending Offer
A.D.P. 2 Journal Square Carolyn Curry/Lillian (201)714-3059 Wednesday 08/09, 9:30a Future Data Declined offer of 77k+bonus
Lehman Brothers World Financial Center Kenny Chu (212)526-0767 Wednesday 8/23 4:00p Beth Akins Pending second interview
Lehman Brothers Jersey City Wayne Kunow (201)524-4244 Future Data have offer of $93,000.00
Bankers Trust 130 Liberty St. Richard Waldstein (212)250-5928 Wednesday 9/6 1:00p Beth Akins Interview
Citibank 399 Park Ave.5th flr. Amy Rossoff/Phil (212)559-2885 Friday 8/25, 10:30a Ken Tapp Decided Against
Citibank Long Island City Steve Harrison Thursday 8/31 9:00a Steve Harrison Decided Against
Symantec Corp 1776 Jericho Tpke Hntgtn Betty McDonald (516)462-0440 Tuesday 9/13 5:30p Lisa Kennedy Decided Against
Symantec Corp 1776 Jericho Tpke Hntgtn Bill Donnovan (408)864-2810 Decided Against
Symantec Corp 1776 Jericho Tpke Hntgtn Nancy Kimpa (617)280-2652 Decided Against
Tech Hackers 50 Broad Street,17th floor Michael How (212)344-9500 Wednesday 9/14 5:30p Beth Akins Faded
Salomon Bros. 7 World Trade 40th floor Steve Santini (212)783-3758 Tuesday 9/27 5:30p Rosato & Assoc., Decided Against
Enterprise Data 80 Smith St. Farmingdale Claudio Ballard (516)756-7400 Saturday 10/15 10:00a Rick Murphy., No Funds
NatWest 175 Water St. Bill Kurz (Tsy) (212)602-4550 Tuesday 5/28 5:15 Mike Stevens Pending
NatWest 175 Water St. Carol Arthur (212)402-4085 17th flr.
EuroBrokers 2 World Trade Center Walter Danielson (212)748-7151 84th flr.
A.I.G. 72 Wall Street Elaine Miller (212)770-3564 Lisa Kennedy
Citibank 111 Wall Street Arlene Plutner/Jason (718)248-0633
Gemco Ptnrs 120 Broadway & Liberty David Mushel (212)433-7633 suite 7015 12:30 Friday
Gemco Ptnrs (201)801-0618
Yvonne DiStefano First Boston (212)239-0139
Professional Contacts
------------------------------------------------------------------------------------------------------------------------------------------------------
Name Company Phone/Fax Last Discussion
=============================================================================
Tom Larounis ph:(516)393-5195 Real Estate Attny
Tom Larounis ph:(516)443-2197 Car Phone
Tom Larounis ph:(516)557-2020 beeper
Anita Anselmi ph:(516)757-7272 Coach Real Estate
Jane Tremayne 3612 Merrick Rd Seaford NY 11783
Jane Tremayne ph:(516)783-0384 Nationwide Ins.
Doug Taylor Flagship ph:(516)757-4405 Mortgage
Doug Taylor Flagship (beeper) ph:(516)382-0497 Mortgage
Doug Taylor Flagship (FAX) ph:(516)757-4427 Mortgage
Doug Taylor 225 Main St. Northport NY,11768
Michael Lee ph:(212)436-5683
Michael Lee fax ph:(212)436-5973
Michael Lee Internet Address miclee@dttus.com
Personal Contacts
------------------------------------------------------------------------------------------------------------------------------------------------------
Name Company Phone/Fax Last Discussion
=============================================================================
Robin Perjon Work Number ph:(800)398-6424 hit 3 then x-3017
Roni Kessler ph:(516)234-4154
57 Adams Rd.
Central Islip, NY 11722
Unit 1C
Roni Perjon Robert Plan ph:(516)228-5000 x-3423
Roni Perjon Robert Plan ph:(516)393-4954 (516)393-4959
Feenie Jonathan Woodner Co., ph:(212)644-0630
Scott & Carol Home phone number ph:(516)271-1338 kidhunt@aol.com
Kevin Home phone number ph:(516)821-4881 frugalkk@aol.com
82 Westchester Drive
Rocky Point,
Kevin Kessler work ph:(631)929-6530
Uncle Bob Home phone number ph:(516)673-5834
Uncle Bob internet address lnjl05a@prodigy.com
Uncle Bob internet address Robert_Yannacci_at_CCNYP33E1@ccmail.prusec.com
Jerry & Mary home phone ph:(516)269-5982
Sean Kessler Cell phone number ph:(917)754-9783
Sean Kessler work number ph:(212)553-4107
Roni Cell phone number ph:(516)769-4181
Sean & Roni Home Phone Number ph:(516)262-0924/(516)262-1265
Sean & Roni 2 Rose Court Fort Salonga, N.Y. 11768
Jim Dean Witter Reynolds ph:(212)392-1185
Roni Waste Management ph:(215)633-2158
Dave Alessio ph:(305)433-2158
Gene Alessio GENEGPI@AOL.COM
Mom cell phone number ph:(516)578-7196
Mom work number ph:(516)938-7007
Mom work fax number ph:(516)938-7031
Mom home fax number ph:(516)928-9606
Barney Cell phone number ph:(516)658-4711
Mom & Barney 3 Gregg La. Coram N.Y. ph:(516)331-8857 431,"METOO"
Robin Perjon ph:(215)946-5740
Barbara Martin ph:(516)928-8220
Sandy Natale ph:(516)737-1987
Margurite Natale ph:(516)739-8051
Cables & Chips Maiden La. N.Y. N.Y. ph:(212)619-3132
Mike Tuttoro work ph:(212)302-6888
Dimitri Vorona home phone ph:(201)985-0148
Dimitri Vorona home phone ph:(201)246-1336
Dimitri ph:(201)659-1911
Maureen ph:(516)462-6652
Jamie & Tracy internet address dansalt@aol.com
Jamie ph:(516)379-9738
Bernie ph:(516)864-1100
David Alessio ph:(305)433-2158
David Alessio 1501 Southwest 119th Ave, Penbroke Pines Fla. 33025
Robert McGarvey ph:(516)735-0086
K.C. ph:(516)221-9597 (beep)(516)834-1567
Angela (K.C.) ph:(516)221-4885
Quinlan Taxi ph:(516)261-0235
Sean Kessler ph:(212)325-6450
Total Maintenance ph:(516)757-7163 John Kirby
Giovanni's restaurant ph:(516)261-1691
Just Cats ph:(516)331-4967
Len Bates (A.I.G.) ph:(212)770-8249
Dennis Wu ph:(718)331-3022 home
American Century ph:(800)345-2021 x-8765
American Century Fund:Ultra Acc#:022-001300265
$6,797.99 02/26/1997 $250/mo
$10,589.31 01/23/1998
$11,223.43 02/11/1998
$11,270.11 02/13/1998 389.027 shares
$14,588.87 06/26/1998 433.290 shares
07/25/2001 322.385 shares price:28.02 price:$280.00 -> $320.00 (86327)
1-888-345-7654
07-24-2001 shares=
monthly investment
8606 form when filing
Chase Manhattan Bank ph:(212)935-9935
Chase Manhattan Bank Acc#0261232813
Long Island Link ph:(516)232-6100 fax:(516)232-9622
Green Island Tree Spray ph:(516)549-5100
J&R Music ph:(212)238-9000
Hanya Kim ph:(212)912-9455 (home)
Lydia ph:(516)265-7453
Grace Systems ph:(516)671-9400 "3478" "europa"
reset, hold 9 for a few seconds. if not then enter code and hold 9 for a few seconds
Bill Leigh, Smith Barney ph:(516)932-4800/4835 acc#4144086016074
picked up 50 shares intel at 85.875
(Intel(INTC),Boeing,Compaq(CPQ),Lilly,AmGen,Cisco(CSCO))
Smith Barney
100 Jericho Quadrangle Suite 120
Jericho, New York 11753
Barnes & Noble ph:(516)462-0896
Pape Chevrolet ph:(516)427-0900
Tyrolean Motors Limited ph:(516)261-4079 contact:Walter,Diane,Dave Nostrand,Pete
389 Fort Salonga Road, Northport NY 11768
Hanya ph:(212)541-4716 wk:(212)388-0098
Suffolk County Police, 2nd pct. (Npt.) ph:(516)854-8200
Serge ph:(203)625-2773 serge:(718)520-6746
Communicar ph:(718)418-1200 Acc#:15666 Cost#020000
auto barn (jericho tpke) ph:(516)673-7550
U.S. 1 autoparts (huntington sta) ph:(516)427-3900 (1/4 mi north 110)
Aid Auto Parts ph:(516)549-0333
F. Paul (bmw parts) ph:(516)427-8460
Sean Kessler P.O. Box 341 East Northport NY 11731
Home Depot ph:(516)462-5300
WWW.MODEMHELP.ORG
DISABLE V.90 56K +MS=11,1
FORCE V.90 +MS=12
DISABLE V.90,FORCE KFLEX +MS=56
Linux init string is :AT&F1&C1&D2+MS11,1
1989 BMW 325i
VIN:WBAAD2304K8847685
DCAP INSURANCE (516)271-4600
#1313840817
mike sullivan 757-6793 7:30 deck and cedar
HABBERSTADT BMW (516)271-7177
Tom - Service (516)271-7177 x-282
Radio Code Light
heater core - 3 bolt flange
oxygen sensor - $124.50
heater valve - $68.00 part #707
thermostat - $16.50 $.50
antenna kit - $65.00
antenna - $17.00
valve adjustment (???)
Techron - fuel injector cleaner
Aid Auto : 543-1919
Auto Barn: 499-3300
Roadside: 266-2515
parts pkus
F. Paul - 427-8460 110.00 have socket too.
O2 sensor-
=================================================
Basil Rabinowitz
1 chase plaza 41st floor
(212)859-7046
Home Phone (718)253-6759
==================================================
Sun Machine
user:Basil
pass:europa
basil@us.fortis.com
==================================================
(212)859-7202
(212)859-7070 voice mail
First Fortis (212)859-7000
Jodi Laurett (Fortis) (212)859-7055
Jodi Laurett (Home) (212)721-4465
Jackie (Fortis) (212)859-7006 fax(212)859-7058
Gary Yalin 12:00 Fri 9/12/1997
Mel Schneiderman 7059
Kevin Michaels 12:00 Tuesday 09/16/1997
Danella Schiffer 260 Madison Ave 17th floor
38th&39th Professional Planners [8:30 - 4:00 Thursday 25th]
(212)251-0422 home(212)242-3560
October 3 1997 8:30
============================================================================
wrote application for portfolio managers, using visual C++, sybase ODBC,
which calculates the cost of trading actual holdings (turnover), given
tax basis and then translates the dollar cost into a curve tightening
in terms of a basis point spread that is needed to offset losses.
The application is used extensively during portfolio rebalancing to
identify tax efficient trades.
--------------------------------------------------------------------------
Global Advanced Technology 401(k) GAT#(212)785-9630
Charles Scwabb
(888)-444-4015
1(800)724-7526
July 1998 approximately $21,000.00
------------------------------------------------------------------------
SchwabPlan
PIN:2961
1-800-SCH-PLAN
www.schwabplan.com
------------------------------------------------------------------------
Fortis Advisers 401(k) 1-800-236-1400 PIN:9758
--------------------------------------------------------------------------
mike elsman
tracy batt
steve heller
212-943-6194
Mitchell Martin
melsman@mitchellmartin.com
Lehman-developer/architect leader position. Java/C++ Equity/Derivative
Goldman Sachs-Brokerage. Senior Developer. 5 years, Large project.
Java/C++. Sybase. GUI. DCOM.
--------------------------------------------------------------------------
lbailey@aol.com
--------------------------------------------------------------------------
--------------------------------------------------------------------------
SAFELITE AUTO GLASS
(516)864-8600
(516)864-4855
$118.74
2045 JERICHO TPKE
(516)864-6400
11:00
--------------------------------------------------------------------------
san giacomo pizza 757-0005
dormant oil 108.25 85.00
paying for
120 - dormant oil (2x) [destroy eggs and larvae]
130 - spring fungi (1x) [end April 1st week]
200 - mid spring insect (1x) [May 10th - May 15th] "Astro"
300 - late spring insect (1x) [June 10th] "Astro"
400 - hot summer insect (1x) [July 20th] "Astro"
500 - deep root (1x) [September]
550 - dormant oil (free) [November]
1 - mosq () "Permethrin" []
2 - mosq () "Permethrin" []
3 - mosq () "Permethrin" []
4 - mosq () "Permethrin" []
5 - mosq () "Permethrin" []
-----------------------------------------------------------------------
-----------------------------------------------------------------------
dormant oil 2 applications (spring /fall)
spring fungicide (1 application spring)
mid spring insect astro (1 application april 16 )
late spring insect pest
hot summer spray
deep root feeding/winter eather shield/fall dormant oil
news-server.optonline.net
Long Island Net ph:(516)761-5200 x2 modems
Long Island Net ph:(516)265-0997
Long Island Net ph:(516)630-0072 56k () ****
ph:(516)396-7400 Nassau
Long Island Net ph:(516)265-1065 28.8k v.34
382-3700
ip address is 161.58.8.86
Long Island Net ph:(800)693-1553 ph:(888)523-7801
news server "ga.news.verio.net"
news server "ny.news.verio.net"
gateway 199.171.6.1
Account#10171971
case#1019995
username:VN/europa@li.net
password:
(404)221-0918 Georgia access number
WINS disabled
IP address dynamically obtained
DNS 199.171.6.14
DNS 199.171.6.12

BIN
docs/COSTELLO.WRI Normal file
View File

Binary file not shown.

BIN
docs/Cover.wri Normal file
View File

Binary file not shown.

BIN
docs/Diversified.cer Normal file
View File

Binary file not shown.

1
docs/E.BAT Normal file
View File

@@ -0,0 +1 @@
edit contact.txt

64
docs/FILE0001.PRN Normal file
View File

@@ -0,0 +1,64 @@
04/18/94 Initial $1,034.62 $20.220 51.168 51.168
04/18/94 Purchase $42.72 $20.220 2.113 53.281 $0.000 $0.000
05/16/94 Purchase $150.00 $19.530 7.680 60.961 ($0.690) ($0.345)
06/15/94 Purchase $150.00 $19.880 7.545 68.507 $0.350 ($0.113)
07/15/94 Purchase $150.00 $19.800 7.576 76.082 ($0.080) ($0.105)
08/15/94 Purchase $150.00 $19.960 7.515 83.597 $0.160 ($0.052)
09/15/94 Purchase $150.00 $20.800 7.212 90.809 $0.840 $0.097
10/15/94 Purchase $150.00 $20.580 7.289 98.098 ($0.220) $0.051
11/15/94 Purchase $150.00 $20.880 7.184 105.282 $0.300 $0.082
12/15/94 Purchase $150.00 $20.010 7.496 112.778 ($0.870) ($0.023)
12/17/94 Capital Gain Distrib $72.76 $19.320 3.766 116.544 ($0.690) ($0.090)
01/16/95 Purchase $150.00 $20.270 7.400 123.944 $0.950 $0.005
02/15/95 Purchase $150.00 $20.440 7.339 131.282 $0.170 $0.018
03/15/95 Purchase $200.00 $20.760 9.634 140.916 $0.320 $0.042
04/17/95 Purchase $200.00 $20.910 9.565 150.481 $0.150 $0.049
05/15/95 Purchase $200.00 $22.020 9.083 159.564 $1.110 $0.120
06/15/95 Purchase $200.00 $23.160 8.636 168.199 $1.140 $0.184
07/17/95 Purchase $200.00 $26.510 7.544 175.744 $3.350 $0.370
08/15/95 Purchase $200.00 $27.030 7.399 183.143 $0.520 $0.378
09/15/95 Purchase $200.00 $27.320 7.321 190.464 $0.290 $0.374
10/15/95 Purchase $200.00 $25.520 7.837 198.301 ($1.800) $0.265
10/30/95 Redemption ($3,000.00) $28.030 -107.028 91.272
11/15/95 Purchase $200.00 $20.000 10.000 101.272
12/15/95 Purchase $200.00 $20.000 10.000 111.272
01/15/96 Purchase $200.00 $23.400 8.547 119.819 ($2.120) $0.151
02/15/96 Purchase $200.00 $27.260 7.337 127.156 $3.860 $0.320
03/15/96 Purchase $200.00 $26.970 7.416 134.572 ($0.290) $0.293
04/15/96 Purchase $200.00 $26.000 7.692 142.264 ($0.970) $0.241
05/15/96 Purchase $200.00 $28.780 6.949 149.213 $2.780 $0.342
06/17/96 Purchase $200.00 $28.250 7.080 156.293 ($0.530) $0.309
07/15/96 Purchase $200.00 $25.390 7.877 164.170 ($2.860) $0.191
08/15/96 Purchase $200.00 $27.070 7.388 171.558 $1.680 $0.245
09/16/96 Purchase $200.00 $28.230 7.085 178.643 $1.160 $0.276
10/15/96 Purchase $200.00 $30.390 6.581 185.224 $2.160 $0.339
11/15/96 Purchase $200.00 $30.730 6.508 191.732 $0.340 $0.339
12/16/96 Purchase $200.00 $29.370 6.810 198.542 ($1.360) $0.286
12/16/96 Capital Gain Distrib $334.95 $28.980 11.558 210.100 ($0.390) $0.265
01/15/97 Purchase $200.00 $29.640 6.748 216.848 $0.660 $0.277
02/15/97 Purchase $200.00 $30.940 6.464 223.312 $1.300 $0.306
03/15/97 Purchase $250.00 $28.910 8.648 231.959 ($2.030) $0.241
04/15/97 Purchase $250.00 $28.713 8.707 240.666 ($0.197) $0.230
05/15/97 Purchase $250.00 $28.516 8.767 249.433 ($0.197) $0.218
06/15/97 Purchase $250.00 $28.319 8.828 258.261 ($0.197) $0.208
07/15/97 Purchase $250.00 $28.122 8.890 267.151 ($0.197) $0.198
08/15/97 Purchase $250.00 $27.925 8.953 276.104 ($0.197) $0.188
09/15/97 Purchase $250.00 $27.728 9.016 285.120 ($0.197) $0.179
10/15/97 Purchase $250.00 $27.531 9.081 294.200 ($0.197) $0.170
11/15/97 Purchase $250.00 $27.334 9.146 303.347 ($0.197) $0.162
12/15/97 Purchase $250.00 $27.137 9.213 312.559 ($0.197) $0.154
12/15/97 Internal Adjustment $1,816.09 $27.030 67.188 379.747 ($0.107) $0.148
01/15/98 Purchase $250.00 $26.940 9.280 389.027 ($0.090) $0.143
02/15/98 Purchase $275.00 $28.970 9.493 398.520 $2.030 $0.182
03/15/98 Purchase $275.00 $31.050 8.857 407.376 $2.080 $0.221
04/15/98 Purchase $275.00 $32.350 8.501 415.877 $1.300 $0.243
05/15/98 Purchase $275.00 $32.060 8.578 424.455 ($0.290) $0.232
06/15/98 Purchase $275.00 $31.130 8.834 433.289 ($0.930) $0.210
07/15/98 Purchase $275.00 $35.780 7.686 440.974 $4.650 $0.294
07/28/98 Redemption ($15,000.00) $34.340 -436.808 4.166 ($1.440) $0.261
08/15/98 Purchase $275.00 $32.350 8.501 12.667 ($1.990) $0.221
09/15/98 Purchase $275.00 $30.220 9.100 21.767 ($2.130) $0.179
10/15/98 Purchase $275.00 $29.530 9.313 31.079 ($0.690) $0.163
11/15/98 Purchase $275.00 $31.820 8.642 39.722 $2.290 $0.200
12/15/98 Purchase $275.00 $33.460 8.219 47.940 $1.640 $0.224
12/18/98 Capital Gain Distrib $149.67 $31.410 4.765 52.705 ($2.050) $0.187

BIN
docs/FINANCE.FM3 Normal file
View File

Binary file not shown.

BIN
docs/FINANCE.WK3 Normal file
View File

Binary file not shown.

BIN
docs/FORECAST.FM3 Normal file
View File

Binary file not shown.

BIN
docs/FORECAST.WK3 Normal file
View File

Binary file not shown.

BIN
docs/FUND.FM3 Normal file
View File

Binary file not shown.

BIN
docs/FUND.WK3 Normal file
View File

Binary file not shown.

BIN
docs/FUNDS.FMT Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 328 B

BIN
docs/FUNDS.WK1 Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.6 KiB

13
docs/GAT.TXT Normal file
View File

@@ -0,0 +1,13 @@
1) FIX FPSHEET PROBLEM
CHANGED COMMON32.LIB SPEC IN CMO32 PROJECT TO
POINT TO I:\PREC\DEV\EXE
REMOVED FPSHEET.CPP/COLTYPE.CPP FROM PROJECT
CMO.C
CASHMAN.C
INFO.C
2) TEST 32 BIT PRECISION
3) MU1 FILE CONVERSION

93
docs/HOUSE.TXT Normal file
View File

@@ -0,0 +1,93 @@
Tuesday October 31, 1995
--------------------------------------------------
a) call Doug, will send checks - ok (sent)
b) confirm Engineer - ok
c) confirm termite guy - ok
d) call 20th Century regarding distribution - redeemed $3,000.00
e) deposit checks - ok
f) call Tom - ok
----------------------------------------------------
call Anita, try to get copy of survey from homeowner
1) HouseMaster - Engineers
(516)273-1122
Barbara
$180.00 fee
+ 60.00 per/hr - average 2 hours
+ 75.00 cesspool test
=======
$375.00
Pending 3:30 appt.
2) Termite Guy
(516)957-2657
Dolores
$45.00
callback when know what engineers are doing
3) To Doug
Application Fee $250.00
Appraisal Fee $250.00
Need the appraisal to get the commitment
Doug Taylor Flagship ph:(516)757-4405 Mortgage
Doug Taylor Flagship (beeper) ph:(516)382-0497 Mortgage
Doug Taylor 225 Main St. Northport NY,11768
4) Tom Larounis - Real Estate Attorney
(516)822-0222
(516)522-9422 beeper
$750.00
costs covered
=============
$ 55.00 - pre-approval application fee
$ 100.00 - binder
$ 250.00 - application fee
$ 250.00 - appraisal fee
$ 405.00 - engineering fee
bank stats
==========
$15,100.00 start
323.81 check roni - realized
199.86 check roni - realized
1,673.96 Lexington Distribution - realized
2,243.00 Payroll sean Tuesday 10/31/1995 - realized
300.00 check roni s/b Thursday 11/2/1995
100.00 Binder - realized
250.00 application fee (Flagship) - realized
250.00 appraisal fee (Flagship) - realized
405.00 engineering inspection
760.00 Rent 11/95
370.00 car payment 11/95
109.00 student loan payment 11/95
100.00 electric 11/95
200.00 charge cards 11/95
50.00 cell phone charges 11/95
200.00 phone bill 11/95
20.00 cable bill 11/95
195.00 transit ticket
2,349.00 notebook
1,358.67 Fidelity Investment
3,000.00 20th Century
600.00 checks roni (expected 1st and 2nd week November)
2,243.00 checks sean (expected payroll November 15, 1995)
===========================================================================
$21,610.63 sub total
9,000.00 expected 401(k) distribution
========================================
$30,610.63
45.00 termite inspection ; this might have been included in Eng charge
===========================================================================
** $2,000.00 remains in the 20th Century account
** $3,000.00 expected net bonus in December, 1995

1065
docs/JPEG.TXT Normal file
View File

File diff suppressed because it is too large Load Diff

3
docs/LOCATE.BAT Normal file
View File

@@ -0,0 +1,3 @@
@echo off
grep %1 contact.txt

426
docs/MC68HC11.HTM Normal file
View File

@@ -0,0 +1,426 @@
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<!-- J & B IMAGING SERVICES, INC. email=jabis@aus.sig.net -->
<!-- J & B IMAGING SERVICES, INC. phone/fax=(512) 219 9517 -->
<!------ JRS HTML MAPPER/EDITOR (FrameMaker 5.5) V6.5 ------->
<!-- Jay Ridge Services, Inc phone/fax/ans mach=(512) 261-3148-->
<HTML>
<TITLE>
MC68HC11F1 Technical Data - HTML Created 04-11-1998</TITLE>
<BODY bgcolor=#FFFFFF>
<P>Click here for:
<BLOCKQUOTE><P><A HREF="/lit/manuals/mc68hc11f1td/outline1.html#oc3000010">Return to Outline</A>
<BR><A HREF="#txt000830">End of This file</A>
<BR><A HREF="c2.html#txt001330">Prior text</A>
</BLOCKQUOTE>
<H2 ALIGN=CENTER><A NAME="txt000010"></A>SECTION 3 <STRONG><BR>
</STRONG>CENTRAL PROCESSING UNIT</H2>
<P><A NAME="txt000020"></A>This section presents information on M68HC11
central processing unit (CPU) architecture. Data types, addressing
modes, the instruction set, and the extended addressing range required
to support this MCU's memory expansion feature are also included, as
are special operations such as subroutine calls and interrupts.
<P><A NAME="txt000030"></A>The CPU is designed to treat all peripheral,
I/O, and memory locations identically as addresses in the 64 Kbyte
memory map. This is referred to as memory-mapped I/O. There are no
special instructions for I/O that are separate from those used for
memory. This architecture also allows accessing an operand from an
external memory location with no execution-time penalty.
<H3><A NAME="txt000040"></A>3.1 CPU Registers</H3>
<P><A NAME="txt000050"></A>M68HC11 CPU registers are an integral part
of the CPU and are not addressed as if they were memory locations. The
seven registers, discussed in the following paragraphs, are shown in
Figure 3-1
.
<P ALIGN=CENTER><IMG ALT="c3f3-1" SRC="gifs/c3f3-1.gif" WIDTH="678"
HEIGHT="580" ALIGN="BOTTOM" BORDER="0">
<H4 ALIGN=CENTER><A NAME="txt000060"></A>Figure 3-1 Programming
Model</H4>
<H3><A NAME="txt000070"></A>3.1.1 Accumulators A, B, and D</H3>
<P><A NAME="txt000080"></A>Accumulators A and B are general-purpose
8-bit registers that hold operands and results of arithmetic
calculations or data manipulations. For some instructions, these two
accumulators are treated as a single double-byte (16-bit) accumulator
called accumulator D. Although most instructions can use accumulators A
or B interchangeably, the following exceptions apply:
<P><A NAME="txt000090"></A>The ABX and ABY instructions add the
contents of 8-bit accumulator B to the contents of 16-bit register X or
Y, but there are no equivalent instructions that use A instead of B.
<P><A NAME="txt000100"></A>The TAP and TPA instructions transfer data
from accumulator A to the condition code register, or from the
condition code register to accumulator A, however, there are no
equivalent instructions that use B rather than A.
<P><A NAME="txt000110"></A>The decimal adjust accumulator A (DAA)
instruction is used after binary-coded decimal (BCD) arithmetic
operations, but there is no equivalent BCD instruction to adjust
accumulator B.
<P><A NAME="txt000120"></A>The add, subtract, and compare instructions
associated with both A and B (ABA, SBA, and CBA) only operate in one
direction, making it important to plan ahead to ensure that the correct
operand is in the correct accumulator.
<H3><A NAME="txt000130"></A>3.1.2 Index Register X (IX)</H3>
<P><A NAME="txt000140"></A>The IX register provides a 16-bit indexing
value that can be added to the 8-bit offset provided in an instruction
to create an effective address. The IX register can also be used as a
counter or as a temporary storage register.
<H3><A NAME="txt000150"></A>3.1.3 Index Register Y (IY)</H3>
<P><A NAME="txt000160"></A>The 16-bit IY register performs an indexed
mode function similar to that of the IX register. However, most
instructions using the IY register require an extra byte of machine
code and an extra cycle of execution time because of the way the opcode
map is implemented. Refer to
<A HREF="#txt000630">
3.3 Opcodes and Operands</A>
<STRONG> </STRONG>for further information.
<H3><A NAME="txt000170"></A>3.1.4 Stack Pointer (SP)</H3>
<P><A NAME="txt000180"></A>The M68HC11 CPU has an automatic program
stack. This stack can be located anywhere in the address space and can
be any size up to the amount of memory available in the system.
Normally the SP is initialized by one of the first instructions in an
application program. The stack is configured as a data structure that
grows downward from high memory to low memory. Each time a new byte is
pushed onto the stack, the SP is decremented. Each time a byte is
pulled from the stack, the SP is incremented. At any given time, the SP
holds the 16-bit address of the next free location in the stack.
Figure 3-2
is a summary of SP operations.
<P ALIGN=CENTER><IMG ALT="c3f3-2" SRC="gifs/c3f3-2.gif" WIDTH="681"
HEIGHT="693" ALIGN="BOTTOM" BORDER="0">
<H4 ALIGN=CENTER><A NAME="txt000190"></A>Figure 3-2 Stacking
Operations</H4>
<P><A NAME="txt000200"></A>When a subroutine is called by a jump to
subroutine (JSR) or branch to subroutine (BSR) instruction, the address
of the instruction after the JSR or BSR is automatically pushed onto
the stack, least significant byte first. When the subroutine is
finished, a return from subroutine (RTS) instruction is executed. The
RTS pulls the previously stacked return address from the stack, and
loads it into the program counter. Execution then continues at this
recovered return address.
<P><A NAME="txt000210"></A>When an interrupt is recognized, the current
instruction finishes normally, the return address (the current value in
the program counter) is pushed onto the stack, all of the CPU registers
are pushed onto the stack, and execution continues at the address
specified by the vector for the interrupt. At the end of the interrupt
service routine, an RTI instruction is executed. The RTI instruction
causes the saved registers to be pulled off the stack in reverse order.
Program execution resumes at the return address.
<P><A NAME="txt000220"></A>There are instructions that push and pull
the A and B accumulators and the X and Y index registers. These
instructions are often used to preserve program context. For example,
pushing accumulator A onto the stack when entering a subroutine that
uses accumulator A, and then pulling accumulator A off the stack just
before leaving the subroutine, ensures that the contents of a register
will be the same after returning from the subroutine as it was before
starting the subroutine.
<H3><A NAME="txt000230"></A>3.1.5 Program Counter (PC)</H3>
<P><A NAME="txt000240"></A>The program counter, a 16-bit register,
contains the address of the next instruction to be executed. After
reset, the program counter is initialized from one of six possible
vectors, depending on operating mode and the cause of reset.
<H4 ALIGN=CENTER><A NAME="txt000250"></A>Table 3-1 Reset Vector Comparison</H4>
<P>&nbsp;
<CENTER><TABLE BORDER>
<TR>
<TD ALIGN=CENTER><A NAME="txt000260"></A>&#160;</TD>
<TH ALIGN=CENTER><A NAME="txt000270"></A>POR or <IMG ALT="Overbar
RESET" SRC="/lit/overbar/reset.gif" ALIGN="MIDDLE" BORDER="0"> Pin</TH>
<TH ALIGN=CENTER><A NAME="txt000280"></A>Clock Monitor</TH>
<TH ALIGN=CENTER><A NAME="txt000290"></A>COP Watchdog</TH>
</TR><TR>
<TD ALIGN=CENTER><A NAME="txt000300"></A>Normal</TD>
<TD ALIGN=CENTER><A NAME="txt000310"></A>$FFFE, F</TD>
<TD ALIGN=CENTER><A NAME="txt000320"></A>$FFFC, D</TD>
<TD ALIGN=CENTER><A NAME="txt000330"></A>$FFFA, B</TD>
</TR><TR>
<TD ALIGN=CENTER><A NAME="txt000340"></A>Test or Boot</TD>
<TD ALIGN=CENTER><A NAME="txt000350"></A>$BFFE, F</TD>
<TD ALIGN=CENTER><A NAME="txt000360"></A>$BFFC, D</TD>
<TD ALIGN=CENTER><A NAME="txt000370"></A>$BFFA, B</TD>
</TR>
</TABLE></CENTER>
<H3><A NAME="txt000380"></A>3.1.6 Condition Code Register (CCR) </H3>
<P><A NAME="txt000390"></A>This 8-bit register contains five condition
code indicators (C, V, Z, N, and H), two interrupt masking bits, (I and
X) and a stop disable bit (S). In the M68HC11 CPU, condition codes are
automatically updated by most instructions. For example, load
accumulator A (LDAA) and store accumulator A (STAA) instructions
automatically set or clear the N, Z, and V condition code flags.
Pushes, pulls, add B to X (ABX), add B to Y (ABY), and
transfer/exchange instructions do not affect the condition codes. Refer
to
Table 3-2
, which shows what condition codes are affected by a particular
instruction.
<H3><A NAME="txt000400"></A>3.1.6.1 Carry/Borrow (C) </H3>
<P><A NAME="txt000410"></A>The C bit is set if the arithmetic logic
unit (ALU) performs a carry or borrow during an arithmetic operation.
The C bit also acts as an error flag for multiply and divide
operations. Shift and rotate instructions operate with and through the
carry bit to facilitate multiple-word shift operations.
<H3><A NAME="txt000420"></A>3.1.6.2 Overflow (V)</H3>
<P><A NAME="txt000430"></A>The overflow bit is set if an operation
causes an arithmetic overflow. Otherwise, the V bit is cleared.
<H3><A NAME="txt000440"></A>3.1.6.3 Zero (Z)</H3>
<P><A NAME="txt000450"></A>The Z bit is set if the result of an
arithmetic, logic, or data manipulation operation is zero. Otherwise,
the Z bit is cleared. Compare instructions do an internal implied
subtraction and the condition codes, including Z, reflect the results
of that subtraction. A few operations (INX, DEX, INY, and DEY) affect
the Z bit and no other condition flags. For these operations, only =
and - conditions can be determined.
<H3><A NAME="txt000460"></A>3.1.6.4 Negative (N)</H3>
<P><A NAME="txt000470"></A>The N bit is set if the result of an
arithmetic, logic, or data manipulation operation is negative (MSB =
1). Otherwise, the N bit is cleared. A result is said to be negative if
its most significant bit (MSB) is a one. A quick way to test whether
the contents of a memory location has the MSB set is to load it into an
accumulator and then check the status of the N bit.
<H3><A NAME="txt000480"></A>3.1.6.5 Interrupt Mask (I)</H3>
<P><A NAME="txt000490"></A>The interrupt request (IRQ) mask (I bit) is
a global mask that disables all maskable interrupt sources. While the I
bit is set, interrupts can become pending, but the operation of the CPU
continues uninterrupted until the I bit is cleared. After any reset,
the I bit is set by default and can only be cleared by a software
instruction. When an interrupt is recognized, the I bit is set after
the registers are stacked, but before the interrupt vector is fetched.
After the interrupt has been serviced, a return from interrupt
instruction is normally executed, restoring the registers to the values
that were present before the interrupt occurred. Normally, the I bit is
zero after a return from interrupt is executed. Although the I bit can
be cleared within an interrupt service routine, &#147;nesting&#148;
interrupts in this way should only be done when there is a clear
understanding of latency and of the arbitration mechanism. Refer to
<A HREF="c5a.html#txt000010">
SECTION 5 RESETS AND INTERRUPTS</A>
.
<H3><A NAME="txt000500"></A>3.1.6.6 Half Carry (H)</H3>
<P><A NAME="txt000510"></A>The H bit is set when a carry occurs between
bits 3 and 4 of the arithmetic logic unit during an ADD, ABA, or ADC
instruction. Otherwise, the H bit is cleared. Half carry is used during
BCD operations.
<H3><A NAME="txt000520"></A>3.1.6.7 X Interrupt Mask (X)</H3>
<P><A NAME="txt000530"></A>The <IMG ALT="Overbar XIRQ"
SRC="/lit/overbar/xirq.gif" ALIGN="MIDDLE" BORDER="0"> mask (X) bit
disables interrupts from the <IMG ALT="Overbar XIRQ"
SRC="/lit/overbar/xirq.gif" ALIGN="MIDDLE" BORDER="0"> pin. After any
reset, X is set by default and must be cleared by a software
instruction. When an <IMG ALT="Overbar XIRQ"
SRC="/lit/overbar/xirq.gif" ALIGN="MIDDLE" BORDER="0"> interrupt is
recognized, the X and I bits are set after the registers are stacked,
but before the interrupt vector is fetched. After the interrupt has
been serviced, an RTI instruction is normally executed, causing the
registers to be restored to the values that were present before the
interrupt occurred. The X interrupt mask bit is set only by hardware
(<IMG ALT="Overbar RESET" SRC="/lit/overbar/reset.gif" ALIGN="MIDDLE"
BORDER="0"> or <IMG ALT="Overbar XIRQ" SRC="/lit/overbar/xirq.gif"
ALIGN="MIDDLE" BORDER="0"> acknowledge). X is cleared only by program
instruction (TAP, where the associated bit of A is zero; or RTI, where
bit 6 of the value loaded into the CCR from the stack has been
cleared). There is no hardware action for clearing X.
<H3><A NAME="txt000540"></A>3.1.6.8 Stop Disable (S)</H3>
<P><A NAME="txt000550"></A>Setting the STOP disable (S) bit prevents
the STOP instruction from putting the M68HC11 into a low-power stop
condition. If the CPU encounters a STOP instruction while the S bit is
set, it is treated as a no-operation (NOP) instruction, and processing
continues to the next instruction. S is set by reset &#151; STOP
disabled by default.
<H3><A NAME="txt000560"></A>3.2 Data Types</H3>
<P><A NAME="txt000570"></A>The M68HC11 CPU supports the following data
types:
<UL>
<LI><A NAME="txt000580"></A>Bit data
<LI><A NAME="txt000590"></A>8-bit and 16-bit signed and unsigned
integers
<LI><A NAME="txt000600"></A>16-bit unsigned fractions
<LI><A NAME="txt000610"></A>16-bit addresses
</UL>
<P><A NAME="txt000620"></A>A byte is eight bits wide and can be
accessed at any byte location. A word is composed of two consecutive
bytes with the most significant byte at the lower value address.
Because the M68HC11 is an 8-bit CPU, there are no special requirements
for alignment of instructions or operands.
<H3><A NAME="txt000630"></A>3.3 Opcodes and Operands</H3>
<P><A NAME="txt000640"></A>The M68HC11 family of microcontrollers uses
8-bit opcodes. Each opcode identifies a particular instruction and
associated addressing mode to the CPU. Several opcodes are required to
provide each instruction with a range of addressing capabilities. Only
256 opcodes would be available if the range of values were restricted
to the number able to be expressed in 8-bit binary numbers.
<P><A NAME="txt000650"></A>A four-page opcode map has been implemented
to expand the number of instructions. An additional byte, called a
prebyte, directs the processor from page 0 of the opcode map to one of
the other three pages. As its name implies, the additional byte
precedes the opcode.
<P><A NAME="txt000660"></A>A complete instruction consists of a
prebyte, if any, an opcode, and zero, one, two, or three operands. The
operands contain information the CPU needs for executing the
instruction. Complete instructions can be from one to five bytes long.
<H3><A NAME="txt000670"></A>3.4 Addressing Modes</H3>
<P><A NAME="txt000680"></A>Six addressing modes can be used to access
memory: immediate, direct, extended, indexed, inherent, and relative.
These modes are detailed in the following paragraphs. All modes except
inherent mode use an effective address. The effective address is the
memory address from which the argument is fetched or stored, or the
address from which execution is to proceed. The effective address can
be specified within an instruction, or it can be calculated.
<H3><A NAME="txt000690"></A>3.4.1 Immediate </H3>
<P><A NAME="txt000700"></A>In the immediate addressing mode an argument
is contained in the byte(s) immediately following the opcode. The
number of bytes following the opcode matches the size of the register
or memory location being operated on. There are two-, three-, and four-
(if prebyte is required) byte immediate instructions. The effective
address is the address of the byte following the instruction.
<H3><A NAME="txt000710"></A>3.4.2 Direct </H3>
<P><A NAME="txt000720"></A>In the direct addressing mode, the low-order
byte of the operand address is contained in a single byte following the
opcode, and the high-order byte of the address is assumed to be $00.
Addresses $00&#150;$FF are thus accessed directly, using two-byte
instructions. Execution time is reduced by eliminating the additional
memory access required for the high-order address byte. In most
applications, this 256-byte area is reserved for frequently referenced
data. In M68HC11 MCUs, the memory map can be configured for
combinations of internal registers, RAM, or external memory to occupy
these addresses.
<H3><A NAME="txt000730"></A>3.4.3 Extended </H3>
<P><A NAME="txt000740"></A>In the extended addressing mode, the
effective address of the argument is contained in two bytes following
the opcode byte. These are three-byte instructions (or four-byte
instructions if a prebyte is required). One or two bytes are needed for
the opcode and two for the effective address.
<H3><A NAME="txt000750"></A>3.4.4 Indexed</H3>
<P><A NAME="txt000760"></A>In the indexed addressing mode, an 8-bit
unsigned offset contained in the instruction is added to the value
contained in an index register (IX or IY). The sum is the effective
address. This addressing mode allows referencing any memory location in
the 64 Kbyte address space. These are two- to five-byte instructions,
depending on whether or not a prebyte is required.
<H3><A NAME="txt000770"></A>3.4.5 Inherent</H3>
<P><A NAME="txt000780"></A>In the inherent addressing mode, all the
information necessary to execute the instruction is contained in the
opcode. Operations that use only the index registers or accumulators,
as well as control instructions with no arguments, are included in this
addressing mode. These are one- or two-byte instructions.
<H3><A NAME="txt000790"></A>3.4.6 Relative</H3>
<P><A NAME="txt000800"></A>The relative addressing mode is used only
for branch instructions. If the branch condition is true, an 8-bit
signed offset included in the instruction is added to the contents of
the program counter to form the effective branch address. Otherwise,
control proceeds to the next instruction. These are usually two-byte
instructions.
<H3><A NAME="txt000810"></A>3.5 Instruction Set</H3>
<P><A NAME="txt000820"></A>Refer to
Table 3-2
, which shows all the M68HC11 instructions in all possible addressing
modes. For each instruction, the table shows the operand construction,
the number of machine code bytes, and execution time in CPU E clock
cycles.
<H4 ALIGN=CENTER><A NAME="txt000830"></A>Table 3-2 Instruction Set </H4>
<P ALIGN=CENTER><IMG ALT="c3t3-2a" SRC="gifs/c3t3-2a.gif" WIDTH="645"
HEIGHT="838" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2b" SRC="gifs/c3t3-2b.gif" WIDTH="646"
HEIGHT="802" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2c" SRC="gifs/c3t3-2c.gif" WIDTH="646"
HEIGHT="842" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2d" SRC="gifs/c3t3-2d.gif" WIDTH="645"
HEIGHT="853" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2e" SRC="gifs/c3t3-2e.gif" WIDTH="645"
HEIGHT="833" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2f" SRC="gifs/c3t3-2f.gif" WIDTH="644"
HEIGHT="817" ALIGN="BOTTOM" BORDER="0">
<P ALIGN=CENTER><IMG ALT="c3t3-2g" SRC="gifs/c3t3-2g.gif" WIDTH="644"
HEIGHT="596" ALIGN="BOTTOM" BORDER="0">
<P>Click here for:
<BLOCKQUOTE><P><A HREF="/lit/manuals/mc68hc11f1td/outline1.html#oc3000010">Return to Outline</A>
<BR><A HREF="#txt000010">Beginning of This file</A>
<BR><A HREF="c4a.html#txt000010">Next text</A>
</BLOCKQUOTE>
</BODY>
</HTML>

BIN
docs/PROFILE.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/ADDENDUM.DOC Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1A.DOC Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1A.RTF Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1A.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1B.DOC Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1B.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1C.DOC Normal file
View File

Binary file not shown.

BIN
docs/RESUME/CHRON1C.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/COMBINED.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/COVER.DOC Normal file
View File

Binary file not shown.

BIN
docs/RESUME/COVER.WRI Normal file
View File

Binary file not shown.

BIN
docs/RESUME/Cover Letter For Honeywell.Doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/Cover Letter For Lowes.Doc Normal file
View File

Binary file not shown.

241
docs/RESUME/Cover_EEI.rtf Normal file
View File

@@ -0,0 +1,241 @@
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fmodern\fprq1\fcharset0 Courier New;}{\f1\fswiss\fcharset0 Arial;}{\f2\froman\fprq2\fcharset0 Times New Roman;}}
{\colortbl ;\red0\green0\blue0;}
{\stylesheet{ Normal;}{\s1 heading 1;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\keepn\s1\cf1\f0\fs24 June 9, 2010\par
\pard\b\par
\pard\ri-582\par
\b0 Dear Mr. Schumer;\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 I would like to be considered for the Senior C++ Application Engineer position at EEI.\par
\par
My twenty-plus years of software design and development experience in the financial industry have helped me to achieve a successful track record of engineering and deploying efficient enterprise solutions. In my position with Global Advanced Technology I gained invaluable critical thinking skills, large software design skills, and best practices methodologies. I have worked on trading systems where performance and failover handling are mission critical. In addition, my experience with modeling tools such as Rational Rose and Enterprise Architect have provided me with the ability to design efficiently across various development groups. I have experience with a variety of programming languages including Java, C, C++, and C#.\par
\par
Through challenging team lead positions, I have developed effective interpersonal skills and a strong team-oriented spirit, even while under pressure. I know that these are qualities that EEI is looking for in successful engineers.\par
\par
I have attached my resume for your review. I am enthusiastic about a career path with EEI and I look forward to speaking with you at your earliest convenience. Thank you for your time and consideration.\par
\par
\par
Sincerely,\par
\par
\par
\pard\f1\fs20{\pict\wmetafile8\picwgoal2399\pichgoal1499
010009000003061000000000e10f000000000400000003010800050000000b0200000000050000
000c026500a100030000001e000400000007010400e10f0000410b2000cc006400a00000000000
6400a0000000000028000000a00000006400000001000400000000000000000000000000000000
00000000000000000000000000ffffff00fefefe00000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000002222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222220022222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222002222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222200222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222200022222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222220022222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222002222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222200222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220022222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222002222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222200222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222002222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222200222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222220022222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222002222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222200222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222220022222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222200222222222222
222222222222222222222222222222222222222002222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222000000022222
222222222222222222222222222222222222222222200222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222200
022202220000222220022222222222222222222222222220022222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222220222222222
222000000000000002200000022222222222222222222222220002222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222220000002220002220000222200022222222222222222222222000222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222220022
222222220022220020000002200022222002000222222222222222222220022222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
002222222220022222002002000220002222220000022222200002222222220002222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222220022222220000220002000022222000000022000000022222222000222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222220022222220000222200002202222200000002200222000222222200000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220222222200022222222200022222000222022222200000220022222002222200000
002222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222220022222202022222222220002222200022202222220000022002222200022220
000000022222200222222002222222222222222222222222222222222222222222222222222222
222222222222222222002222200022222222222000222222002200222222002000000222222002
222000020000222000002222200002222222222222222222222222222222222222222222222222
222222222222222222222220222200222222222222200022222200222002222200200000222222
220022000022200022000200022222000222220000222222222222222222222222222222222222
222222222222222222222222222002200222222222222220002222222002200222220020000022
222222202200000222000000000002222220002220000022222222222222222222222222222222
222222222222222222222222222222220000222222222222222000022222200220022222002000
002222222202020000022220002222200022222000222000200222222222222222222222222222
222222222222222222222222222222222222222222222222222222000000022220022202222200
200000222222222002000002222000222222000022220022200022002222222000000222222222
222222222222222222222222222222222222222222222222222222222200200002222000220022
220020000022222222200200000222220002222200000222000220002200000222200220000222
222222222222222222222222222222222222222222222222222222222222220020000222200022
002222002200000222222220020000022222000022220000022200022000222200000200022220
002222222222222222222222222222222222222222222222222222222222222220002002002222
002200222200220000022222222002000002222220002222202200222002200022200000000022
222220002222222222222222222222222222222222222222222222222222222222222002200200
222200022022220022200022222222200200000222222000222220022002200020002222000200
002222222200222222222222222222222222222222222222222222222222222222222222002220
000022220002200222000000000222222222022000002222220002222002220020002200222200
022000022222222000222222222222222222222222222222222222222222222222222222222200
222000200222200220022200000000022222222202200000222222000222200222002000200022
222000220002222222220002222222222222222222222222222222222222222222222222222222
200222200020022220022202222000200002222222202220002002222220002220022220000020
000222220022000222222222200022222222222222222222222222222222222222222222222222
222220022220000002222002200222000200000222222222222000200222222000222002222000
002200022222002220002222222222000222222222222222222222222222222222222222222222
222222220022222000000022200022002200022000022222222222200022002222200002202222
220000220002222200022000022222222220002222222222222222222222222222222222222222
222222222220022222200200002220020200200002222002222222222220002200022220000220
222222000022000222222002200002222222222200022222222222222222222222222222222222
222222222222220002222222020000222002000000002222200022222222222000222020222200
022022222200002200002222200220000022222222222000222222222222222222222222222222
222222222222222222002222222202000022200222000000222220002222222222200022222222
220002002222222000220000222220002000002222222222220002222222222222222222222222
222222222222222222222000222222220020002220022000000000022200222222222220002222
020222000002222222200022200022222000202020022222222222200022222222222222222222
222222222222222222222222200222222222222000222002002222222000000002222222222000
222220022200000222222220002220000222220022202002222222222222002222222222222222
222222222222222222222222222200222222222222220002200002222222222220000222222222
200022222200020000022222222000222000022222002222000222222222222200022222222222
222222222222222222222222222222220022222222222222000220000222222222222200002222
222220002222222000002002222222200022200002222200222000022222222222222002222222
222222222222222222222222222222222220022222222222222220000000022222222222222000
002222222000222222222022222222222222002222000022222022200000222222222222200022
222222222222222222222222222222222222222002222222222222222000002022222222222222
222200022222200022222222222222222222222222222200222222222222000022222222222222
002222222222222222222222222222222222222222200222222222222222200222202222222222
222222222200022220002222222222222222222222222222220022222222222220002222222222
222220022222222222222222222222222222222222222220022222222222222220022220222222
222222222222222200022000222222222222222222222222222222002222222222222222222222
222222222002222222222222222222222222222222222222222002222222222222222002222002
222222222222222222222000000022222222222222222222222222222200022222222222222222
222222222222200022222222222222222222222222222222222222202222222222222222200222
200222222222222222222222222000002222222222222222222222222222222002222222222222
222222222222222222002222222222222222222222222222222222222220222222222222222220
022220022222222222222222222222220000222222222222222222222222222222200222222222
222222222222222222222200022222222222222222222222222222222222222002222222222222
222002222200222222222222222222222222200002222222222222222222222222222220022222
222222222222222222222222222002222222222222222222222222222222222222200222222222
222222200222220022222222222222222222222200000022222222222222222222222222222002
222222222222222222222222222222200222222222222222222222222222222222222220022222
222222222220022222200222222222222222222222220000200222222222222222222222222222
200022222222222222222222222222222220022222222222222222222222222222222222222002
222222222222222002222220022222222222222222222222000022002222222222222222222222
222220002222222222222222222222222222222002222222222222222222222222222222222222
220222222222222222200222222200222222222222222222222200002220002222222222222222
222222222200222222222222222222222222222222220222222222222222222222222222222222
222222002222222222222220022222222002222222222222222222200000222200022222222222
222222222222220022222222222222222222222222222220022222222222222222222222222222
222222222200222222222222222002222222220022222222222222222220000022222002222222
222222222222222222002222222222222222222222222222222002222222222222222222222222
222222222222222022222222222222200222222222200222222222222222220020002222220022
222222222222222222222200222222222222222222222222222222200222222222222222222222
222222222222222222200222222222222220022222222222002222222222222220002200222222
200222222222222222222222220002222222222222222222222222222222022222222222222222
222222222222222222222220002222222222222022222222222220022222222222222002222022
222222002222222222222222222222000222222222222222222222222222222202222222222222
222222222222222222222222222200222222222222002222222222222200022222222220002222
202222222200022222222222222222222220022222222222222222222222222222000222222222
222222222222222222222222222222220002222222222000222222222222222000222222220002
222220222222222000222222222222222222222002222222222222222222222222222202222222
222222222222222222222222222222222222200222222222200022222222222222222200000000
022222220222222222220022222222222222222222200222222222222222222222222222220222
222222222222222222222222222222222222222222002222222220022222222222222222222220
022222222222202222222222200222222222222222222220002222222222222222222222222220
022222222222222222222222222222222222222222222220222222220002222222222222222222
222222222222222220222222222220002222222222222222222000222222222222222222222222
222022222222222222222222222222222222222222222222222222222222002222222222222222
222222222222222222222022222222222200222222222222222222220022222222222222222222
222222222222222222222222222222222222222222222222222222220022222002222222222222
222222222222222222222222202222222222222002222222222222222222002222222222222222
222222222222222222222222222222222222222222222222222222222222200022200222222222
222222222222222222222222222222222222222222200222222222222222222200222222222222
222222222222222222222222222222222222222222222222222222222222222222000000222222
222222222222222222222222222222222222222222222222002222222222222222220022222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222200222222222222222222000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222220222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222202222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222022
222222222222222202222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
202222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
040000002701ffff030000000000
}\cf1\b\f0\fs24\par
\b0 Sean M. Kessler\par
\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 Enclosure: resume\f2\fs20\par
\pard\cf1\b\f0\fs24\par
\par
\b0\par
\cf0\f1\fs20\par
}

242
docs/RESUME/Cover_GoodMortgage.rtf Normal file
View File

@@ -0,0 +1,242 @@
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fmodern\fprq1\fcharset0 Courier New;}{\f1\fswiss\fcharset0 Arial;}{\f2\froman\fprq2\fcharset0 Times New Roman;}}
{\colortbl ;\red0\green0\blue0;}
{\stylesheet{ Normal;}{\s1 heading 1;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\keepn\s1\cf1\f0\fs24 March 12, 2012\par
\pard\b\par
\pard\ri-582\par
\b0 Dear HR ;\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 I would like to be considered for a development position at GoodMortgage.\par
\par
My twenty-plus years of software design and development experience in the financial industry have helped me to achieve a successful track record of engineering and deploying efficient enterprise solutions. In my position with Global Advanced Technology I gained invaluable critical thinking skills, large software design skills, and best practices methodologies. I have worked on trading systems where performance and failover handling are mission critical. In addition, my experience with modeling tools such as Rational Rose and Enterprise Architect have provided me with the ability to design efficiently across various development groups. I have experience with a variety of programming languages including Java, C, C++, and C#.\par
\par
Through challenging team lead positions, I have developed effective interpersonal skills and a strong team-oriented spirit, even while under pressure. I know that these are qualities that GoodMortgage is looking for in successful engineers.\par
\par
I have attached my resume for your review. I am enthusiastic about a career path with GoodMortage and I look forward to speaking with you at your earliest convenience. Thank you for your time and consideration.\par
\par
\par
Sincerely,\par
\par
\par
\pard\f1\fs20{\pict\wmetafile8\picwgoal2399\pichgoal1499
010009000003061000000000e10f000000000400000003010800050000000b0200000000050000
000c026500a100030000001e000400000007010400e10f0000410b2000cc006400a00000000000
6400a0000000000028000000a00000006400000001000400000000000000000000000000000000
00000000000000000000000000ffffff00fefefe00000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000002222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222220022222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222002222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222200222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222200022222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222220022222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222002222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222200222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220022222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222002222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222200222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222002222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222200222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222220022222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222002222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222200222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222220022222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222200222222222222
222222222222222222222222222222222222222002222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222000000022222
222222222222222222222222222222222222222222200222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222200
022202220000222220022222222222222222222222222220022222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222220222222222
222000000000000002200000022222222222222222222222220002222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222220000002220002220000222200022222222222222222222222000222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222220022
222222220022220020000002200022222002000222222222222222222220022222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
002222222220022222002002000220002222220000022222200002222222220002222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222220022222220000220002000022222000000022000000022222222000222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222220022222220000222200002202222200000002200222000222222200000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220222222200022222222200022222000222022222200000220022222002222200000
002222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222220022222202022222222220002222200022202222220000022002222200022220
000000022222200222222002222222222222222222222222222222222222222222222222222222
222222222222222222002222200022222222222000222222002200222222002000000222222002
222000020000222000002222200002222222222222222222222222222222222222222222222222
222222222222222222222220222200222222222222200022222200222002222200200000222222
220022000022200022000200022222000222220000222222222222222222222222222222222222
222222222222222222222222222002200222222222222220002222222002200222220020000022
222222202200000222000000000002222220002220000022222222222222222222222222222222
222222222222222222222222222222220000222222222222222000022222200220022222002000
002222222202020000022220002222200022222000222000200222222222222222222222222222
222222222222222222222222222222222222222222222222222222000000022220022202222200
200000222222222002000002222000222222000022220022200022002222222000000222222222
222222222222222222222222222222222222222222222222222222222200200002222000220022
220020000022222222200200000222220002222200000222000220002200000222200220000222
222222222222222222222222222222222222222222222222222222222222220020000222200022
002222002200000222222220020000022222000022220000022200022000222200000200022220
002222222222222222222222222222222222222222222222222222222222222220002002002222
002200222200220000022222222002000002222220002222202200222002200022200000000022
222220002222222222222222222222222222222222222222222222222222222222222002200200
222200022022220022200022222222200200000222222000222220022002200020002222000200
002222222200222222222222222222222222222222222222222222222222222222222222002220
000022220002200222000000000222222222022000002222220002222002220020002200222200
022000022222222000222222222222222222222222222222222222222222222222222222222200
222000200222200220022200000000022222222202200000222222000222200222002000200022
222000220002222222220002222222222222222222222222222222222222222222222222222222
200222200020022220022202222000200002222222202220002002222220002220022220000020
000222220022000222222222200022222222222222222222222222222222222222222222222222
222220022220000002222002200222000200000222222222222000200222222000222002222000
002200022222002220002222222222000222222222222222222222222222222222222222222222
222222220022222000000022200022002200022000022222222222200022002222200002202222
220000220002222200022000022222222220002222222222222222222222222222222222222222
222222222220022222200200002220020200200002222002222222222220002200022220000220
222222000022000222222002200002222222222200022222222222222222222222222222222222
222222222222220002222222020000222002000000002222200022222222222000222020222200
022022222200002200002222200220000022222222222000222222222222222222222222222222
222222222222222222002222222202000022200222000000222220002222222222200022222222
220002002222222000220000222220002000002222222222220002222222222222222222222222
222222222222222222222000222222220020002220022000000000022200222222222220002222
020222000002222222200022200022222000202020022222222222200022222222222222222222
222222222222222222222222200222222222222000222002002222222000000002222222222000
222220022200000222222220002220000222220022202002222222222222002222222222222222
222222222222222222222222222200222222222222220002200002222222222220000222222222
200022222200020000022222222000222000022222002222000222222222222200022222222222
222222222222222222222222222222220022222222222222000220000222222222222200002222
222220002222222000002002222222200022200002222200222000022222222222222002222222
222222222222222222222222222222222220022222222222222220000000022222222222222000
002222222000222222222022222222222222002222000022222022200000222222222222200022
222222222222222222222222222222222222222002222222222222222000002022222222222222
222200022222200022222222222222222222222222222200222222222222000022222222222222
002222222222222222222222222222222222222222200222222222222222200222202222222222
222222222200022220002222222222222222222222222222220022222222222220002222222222
222220022222222222222222222222222222222222222220022222222222222220022220222222
222222222222222200022000222222222222222222222222222222002222222222222222222222
222222222002222222222222222222222222222222222222222002222222222222222002222002
222222222222222222222000000022222222222222222222222222222200022222222222222222
222222222222200022222222222222222222222222222222222222202222222222222222200222
200222222222222222222222222000002222222222222222222222222222222002222222222222
222222222222222222002222222222222222222222222222222222222220222222222222222220
022220022222222222222222222222220000222222222222222222222222222222200222222222
222222222222222222222200022222222222222222222222222222222222222002222222222222
222002222200222222222222222222222222200002222222222222222222222222222220022222
222222222222222222222222222002222222222222222222222222222222222222200222222222
222222200222220022222222222222222222222200000022222222222222222222222222222002
222222222222222222222222222222200222222222222222222222222222222222222220022222
222222222220022222200222222222222222222222220000200222222222222222222222222222
200022222222222222222222222222222220022222222222222222222222222222222222222002
222222222222222002222220022222222222222222222222000022002222222222222222222222
222220002222222222222222222222222222222002222222222222222222222222222222222222
220222222222222222200222222200222222222222222222222200002220002222222222222222
222222222200222222222222222222222222222222220222222222222222222222222222222222
222222002222222222222220022222222002222222222222222222200000222200022222222222
222222222222220022222222222222222222222222222220022222222222222222222222222222
222222222200222222222222222002222222220022222222222222222220000022222002222222
222222222222222222002222222222222222222222222222222002222222222222222222222222
222222222222222022222222222222200222222222200222222222222222220020002222220022
222222222222222222222200222222222222222222222222222222200222222222222222222222
222222222222222222200222222222222220022222222222002222222222222220002200222222
200222222222222222222222220002222222222222222222222222222222022222222222222222
222222222222222222222220002222222222222022222222222220022222222222222002222022
222222002222222222222222222222000222222222222222222222222222222202222222222222
222222222222222222222222222200222222222222002222222222222200022222222220002222
202222222200022222222222222222222220022222222222222222222222222222000222222222
222222222222222222222222222222220002222222222000222222222222222000222222220002
222220222222222000222222222222222222222002222222222222222222222222222202222222
222222222222222222222222222222222222200222222222200022222222222222222200000000
022222220222222222220022222222222222222222200222222222222222222222222222220222
222222222222222222222222222222222222222222002222222220022222222222222222222220
022222222222202222222222200222222222222222222220002222222222222222222222222220
022222222222222222222222222222222222222222222220222222220002222222222222222222
222222222222222220222222222220002222222222222222222000222222222222222222222222
222022222222222222222222222222222222222222222222222222222222002222222222222222
222222222222222222222022222222222200222222222222222222220022222222222222222222
222222222222222222222222222222222222222222222222222222220022222002222222222222
222222222222222222222222202222222222222002222222222222222222002222222222222222
222222222222222222222222222222222222222222222222222222222222200022200222222222
222222222222222222222222222222222222222222200222222222222222222200222222222222
222222222222222222222222222222222222222222222222222222222222222222000000222222
222222222222222222222222222222222222222222222222002222222222222222220022222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222200222222222222222222000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222220222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222202222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222022
222222222222222202222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
202222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
040000002701ffff030000000000
}\cf1\b\f0\fs24\par
\b0 Sean M. Kessler\par
\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 Enclosure: resume\f2\fs20\par
\pard\cf1\b\f0\fs24 (631)525-2496\par
\par
\par
\b0\par
\cf0\f1\fs20\par
}

242
docs/RESUME/Cover_Preferred Financial Stratregies.rtf Normal file
View File

@@ -0,0 +1,242 @@
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fmodern\fprq1\fcharset0 Courier New;}{\f1\fswiss\fcharset0 Arial;}{\f2\froman\fprq2\fcharset0 Times New Roman;}}
{\colortbl ;\red0\green0\blue0;}
{\stylesheet{ Normal;}{\s1 heading 1;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\keepn\s1\cf1\f0\fs24 March 12, 2012\par
\pard\b\par
\pard\ri-582\par
\b0 Dear HR ;\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 I would like to be considered for a development position at Preferred Financial Strategies.\par
\par
My twenty-plus years of software design and development experience in the financial industry have helped me to achieve a successful track record of engineering and deploying efficient enterprise solutions. In my position with Global Advanced Technology I gained invaluable critical thinking skills, large software design skills, and best practices methodologies. I have worked on trading systems where performance and failover handling are mission critical. In addition, my experience with modeling tools such as Rational Rose and Enterprise Architect have provided me with the ability to design efficiently across various development groups. I have experience with a variety of programming languages including Java, C, C++, and C#.\par
\par
Through challenging team lead positions, I have developed effective interpersonal skills and a strong team-oriented spirit, even while under pressure. I know that these are qualities that Preferred Financial Strategies is looking for in successful engineers.\par
\par
I have attached my resume for your review. I am enthusiastic about a career path with GoodMortage and I look forward to speaking with you at your earliest convenience. Thank you for your time and consideration.\par
\par
\par
Sincerely,\par
\par
\par
\pard\f1\fs20{\pict\wmetafile8\picwgoal2399\pichgoal1499
010009000003061000000000e10f000000000400000003010800050000000b0200000000050000
000c026500a100030000001e000400000007010400e10f0000410b2000cc006400a00000000000
6400a0000000000028000000a00000006400000001000400000000000000000000000000000000
00000000000000000000000000ffffff00fefefe00000000000000000000000000000000000000
000000000000000000000000000000000000000000000000000000000000000000002222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222220022222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222002222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222200222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222200022222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222220022222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222002222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222200222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220022222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222002222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222200222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222002222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222200222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222220022222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222002222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222200222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222220022222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222200222222222222
222222222222222222222222222222222222222002222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222000000022222
222222222222222222222222222222222222222222200222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222200
022202220000222220022222222222222222222222222220022222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222220222222222
222000000000000002200000022222222222222222222222220002222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222220000002220002220000222200022222222222222222222222000222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222220022
222222220022220020000002200022222002000222222222222222222220022222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
002222222220022222002002000220002222220000022222200002222222220002222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222002222222220022222220000220002000022222000000022000000022222222000222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222200222222220022222220000222200002202222200000002200222000222222200000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222220222222200022222222200022222000222022222200000220022222002222200000
002222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222220022222202022222222220002222200022202222220000022002222200022220
000000022222200222222002222222222222222222222222222222222222222222222222222222
222222222222222222002222200022222222222000222222002200222222002000000222222002
222000020000222000002222200002222222222222222222222222222222222222222222222222
222222222222222222222220222200222222222222200022222200222002222200200000222222
220022000022200022000200022222000222220000222222222222222222222222222222222222
222222222222222222222222222002200222222222222220002222222002200222220020000022
222222202200000222000000000002222220002220000022222222222222222222222222222222
222222222222222222222222222222220000222222222222222000022222200220022222002000
002222222202020000022220002222200022222000222000200222222222222222222222222222
222222222222222222222222222222222222222222222222222222000000022220022202222200
200000222222222002000002222000222222000022220022200022002222222000000222222222
222222222222222222222222222222222222222222222222222222222200200002222000220022
220020000022222222200200000222220002222200000222000220002200000222200220000222
222222222222222222222222222222222222222222222222222222222222220020000222200022
002222002200000222222220020000022222000022220000022200022000222200000200022220
002222222222222222222222222222222222222222222222222222222222222220002002002222
002200222200220000022222222002000002222220002222202200222002200022200000000022
222220002222222222222222222222222222222222222222222222222222222222222002200200
222200022022220022200022222222200200000222222000222220022002200020002222000200
002222222200222222222222222222222222222222222222222222222222222222222222002220
000022220002200222000000000222222222022000002222220002222002220020002200222200
022000022222222000222222222222222222222222222222222222222222222222222222222200
222000200222200220022200000000022222222202200000222222000222200222002000200022
222000220002222222220002222222222222222222222222222222222222222222222222222222
200222200020022220022202222000200002222222202220002002222220002220022220000020
000222220022000222222222200022222222222222222222222222222222222222222222222222
222220022220000002222002200222000200000222222222222000200222222000222002222000
002200022222002220002222222222000222222222222222222222222222222222222222222222
222222220022222000000022200022002200022000022222222222200022002222200002202222
220000220002222200022000022222222220002222222222222222222222222222222222222222
222222222220022222200200002220020200200002222002222222222220002200022220000220
222222000022000222222002200002222222222200022222222222222222222222222222222222
222222222222220002222222020000222002000000002222200022222222222000222020222200
022022222200002200002222200220000022222222222000222222222222222222222222222222
222222222222222222002222222202000022200222000000222220002222222222200022222222
220002002222222000220000222220002000002222222222220002222222222222222222222222
222222222222222222222000222222220020002220022000000000022200222222222220002222
020222000002222222200022200022222000202020022222222222200022222222222222222222
222222222222222222222222200222222222222000222002002222222000000002222222222000
222220022200000222222220002220000222220022202002222222222222002222222222222222
222222222222222222222222222200222222222222220002200002222222222220000222222222
200022222200020000022222222000222000022222002222000222222222222200022222222222
222222222222222222222222222222220022222222222222000220000222222222222200002222
222220002222222000002002222222200022200002222200222000022222222222222002222222
222222222222222222222222222222222220022222222222222220000000022222222222222000
002222222000222222222022222222222222002222000022222022200000222222222222200022
222222222222222222222222222222222222222002222222222222222000002022222222222222
222200022222200022222222222222222222222222222200222222222222000022222222222222
002222222222222222222222222222222222222222200222222222222222200222202222222222
222222222200022220002222222222222222222222222222220022222222222220002222222222
222220022222222222222222222222222222222222222220022222222222222220022220222222
222222222222222200022000222222222222222222222222222222002222222222222222222222
222222222002222222222222222222222222222222222222222002222222222222222002222002
222222222222222222222000000022222222222222222222222222222200022222222222222222
222222222222200022222222222222222222222222222222222222202222222222222222200222
200222222222222222222222222000002222222222222222222222222222222002222222222222
222222222222222222002222222222222222222222222222222222222220222222222222222220
022220022222222222222222222222220000222222222222222222222222222222200222222222
222222222222222222222200022222222222222222222222222222222222222002222222222222
222002222200222222222222222222222222200002222222222222222222222222222220022222
222222222222222222222222222002222222222222222222222222222222222222200222222222
222222200222220022222222222222222222222200000022222222222222222222222222222002
222222222222222222222222222222200222222222222222222222222222222222222220022222
222222222220022222200222222222222222222222220000200222222222222222222222222222
200022222222222222222222222222222220022222222222222222222222222222222222222002
222222222222222002222220022222222222222222222222000022002222222222222222222222
222220002222222222222222222222222222222002222222222222222222222222222222222222
220222222222222222200222222200222222222222222222222200002220002222222222222222
222222222200222222222222222222222222222222220222222222222222222222222222222222
222222002222222222222220022222222002222222222222222222200000222200022222222222
222222222222220022222222222222222222222222222220022222222222222222222222222222
222222222200222222222222222002222222220022222222222222222220000022222002222222
222222222222222222002222222222222222222222222222222002222222222222222222222222
222222222222222022222222222222200222222222200222222222222222220020002222220022
222222222222222222222200222222222222222222222222222222200222222222222222222222
222222222222222222200222222222222220022222222222002222222222222220002200222222
200222222222222222222222220002222222222222222222222222222222022222222222222222
222222222222222222222220002222222222222022222222222220022222222222222002222022
222222002222222222222222222222000222222222222222222222222222222202222222222222
222222222222222222222222222200222222222222002222222222222200022222222220002222
202222222200022222222222222222222220022222222222222222222222222222000222222222
222222222222222222222222222222220002222222222000222222222222222000222222220002
222220222222222000222222222222222222222002222222222222222222222222222202222222
222222222222222222222222222222222222200222222222200022222222222222222200000000
022222220222222222220022222222222222222222200222222222222222222222222222220222
222222222222222222222222222222222222222222002222222220022222222222222222222220
022222222222202222222222200222222222222222222220002222222222222222222222222220
022222222222222222222222222222222222222222222220222222220002222222222222222222
222222222222222220222222222220002222222222222222222000222222222222222222222222
222022222222222222222222222222222222222222222222222222222222002222222222222222
222222222222222222222022222222222200222222222222222222220022222222222222222222
222222222222222222222222222222222222222222222222222222220022222002222222222222
222222222222222222222222202222222222222002222222222222222222002222222222222222
222222222222222222222222222222222222222222222222222222222222200022200222222222
222222222222222222222222222222222222222222200222222222222222222200222222222222
222222222222222222222222222222222222222222222222222222222222222222000000222222
222222222222222222222222222222222222222222222222002222222222222222220022222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222200222222222222222222000222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222220222222222222222222220
022222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222202222222222222222
222002222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222220222222222222
222222200222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222220222222
222222222220022222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222022
222222222222222202222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
202222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
222222222222222222222222222222222222222222222222222222222222222222222222222222
040000002701ffff030000000000
}\cf1\b\f0\fs24\par
\b0 Sean M. Kessler\par
\par
\pard\tx916\tx1832\tx2748\tx3664\tx4580\tx5496\tx6412\tx7328\tx8244\tx9160\tx10076\tx10992\tx11908\tx12824\tx13740\tx14656\cf0 Enclosure: resume\f2\fs20\par
\pard\cf1\b\f0\fs24 (631)525-2496\par
\par
\par
\b0\par
\cf0\f1\fs20\par
}

249
docs/RESUME/Resume8a.doc Normal file
View File

@@ -0,0 +1,249 @@
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\froman\fcharset0 Times New Roman;}{\f1\fnil\fcharset2 Symbol;}}
{\colortbl ;\red0\green0\blue0;}
{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}{\s3 heading 3;}{\s4 heading 4;}{\s5 heading 5;}{\s6 heading 6;}}
\viewkind4\uc1\pard\qc\b\f0\fs48 Sean M. Kessler\par
\b0\i\fs22 126 Biscayne Court\par
Mooresville, N.C. 28117\par
home:704/660-6654\par
cell:631/525-2496\par
\b\fs16 fusionnc@adelphia.net\par
\b0\i0\fs24\par
\pard\fs18 With a solid background in the development of enterprise software solutions, I am seeking a JAVA/C#//C++ developer/architect position employing object oriented analysis and design, modeling, programming, and project management skills in a team oriented environment.\b\par
\b0\fs22\par
\par
\pard\keepn\s3\qc\b Career History\par
\pard\par
\pard\keepn\s6\i Senior Architect/Lead Developer\par
\pard\i0\fs28 Wachovia Corporation\tab\tab\tab\tab\i\fs22 (08/05-Present) Charlotte, N.C.\i0\fs28\par
\pard\keepn\s5\i\fs24 Corporate And Investment Bank Technology - Trading\i0\par
\b0\fs18 Support middle office trading systems which uses Calypso EMS (publish/ subscribe) to perform trade routing to client applications. Designed and implemented trade reconcilation application to identify and correct dropped trades.\b\fs24\par
Fixed Income Technology - Risk Management\tab\tab\tab\tab\tab\par
\pard\i\fs22 N-Tier Portfolio Attribution/Contribution System(C#.NET/WebServices/J2EE)\par
\b0\i0\fs18 Designed and implemented distributed N-Tier portfolio contribution/attribution system using C#.NET WebServices/\par
/.NET remoting and JAVA/JSP front end. This tool manages over 600 portfolios and provides the ability for the portfolio manager to view contribution and attribution across a variety of sectors. The system also allows the portfolio manager to create custom sectors and perform these calculations against any number of nested sectors. A .JSP TreeView provides the ability for the portfolio manager to descend into a particular nesting and view the contribution, attribution, total return, and holdings for a given selection. The system leverages MatLab and C++ modules in order to produce realtime results in a short timeframe. Also designed and implemented a recursive descent compiler to allow the line of business to implement dynamic sector allocation using a scripting language. This system makes heavy use of enterprise design patterns and was designed using the Enterprise Architect UML tool. Also implemented a variety of tools to assist the line of business with quality assurance efforts. Additional responsibilities include full SDLC via PICCT tool, test plans, verification plans, coordinate releases with implementation team(s), ensure that design and implementation follow Wachovia Corporate Governance Policies, assist with business analysis and requirements gathering efforts.\par
\b\fs22\par
\i Senior Architect/Project Manager\par
\i0\fs28 Ziff Brothers Investments\par
\fs24 Quantitative Strategy /Risk and Reporting\par
\i\fs22 N-Tier Risk Analysis System (C# .NET Remote NT)\tab (06/03-06/05) New York, N.Y.\par
\b0\i0\fs18 Designed and implemented distributed N-Tier risk analysis system using C# .NET Remote. The system manages historical market data in support of a suite of financial models which generate buy/sell recommendations. The system also provides a common framework for analytics used by other tiers and GUI products. Designed and implemented portfolio generator tool used by model authors to back-test financial models. This tool provides various views and comparative statistics of a model portfolio over time which enables the model author to compare a theory against market effects. The tool is a client of the risk analysis system. Designed and implemented VaR service to support client calculators. Institutionalized quality assurance practices to ensure the consistency of analytics over time. Additional responsibilities include hiring of new candidates, coordination and prioritization of team member assignments across operations and quantitative strategy groups, review and approval of UML designs, reporting and coordination of project status with CTO. Training of new hires. Ensure that coding standards and best practices are being maintained throughout various levels of the system. Manage team of five developers.\par
\b\fs22\par
\par
\par
\par
\par
\b0\fs18\par
\pard\qc Page 2\par
\pard\par
\b\fs22\par
\par
\i Senior Software Engineer II\par
\i0\fs28 Barra Inc.,\par
\fs24 Equity Trading\par
\i\fs22 N-Tier Broker/Dealer System (J2EE) \tab\tab (10/00-06/03) New York, N.Y.\par
\b0\i0\fs18 Assisted with the complete rewrite of the POSIT system. POSIT is the worlds largest system for electronic matching of equities during the market day. The system was ported from Fortran/C (VMS) to JAVA EJB under WebLogic v6.1. Participated in design and architectural phase using Rational Rose for the object and sequence diagrams. Designed and implemented price client socket modules for retrieval of realtime prices. Designed and implemented logical business transactions using MQSeries for JAVA (JMS). Assisted with development and implementation of publish/subscribe logic using MQSeries under JMS. Designed and implemented MDB components as well as stateless session beans for data access and communications components. Assisted with design of DTD specification and implemented XML serializers for business objects. Assisted with development and optimization of data access components including views, stored procedures, and triggers. Designed and developed custom profiling and performance statistics tools to assist with optimization of system throughput. Assist with hardware and network purchasing decisions with respect to cluster performance. Also responsible for interviewing, technical evaluation, and final recommendation of new hire candidates. Assist junior level staff with project work.\par
\par
\par
\b\i\fs22 Senior Software Engineer\par
\i0\fs28 Electronic Managed Account Inc.,\par
\i\fs22 N-Tier Asset Management- (C++/JAVA EJB) \tab\tab (03/00-09/00) New York, N.Y.\par
\b0\i0\fs18 Assisted with the redesign of server end architecture (C++) to be flexible enough to meet the needs of the company's growing client base. Implemented load balancing and watchdog system software on the server end to assure reliable data delivery and throughput (C++). Implemented various JAVA application and servlet based tools to perform system load testing. Responsible for coordinating project releases with CTO and organizing programming staff to meet these goals. Responsible for coordinating and submitting software release candidates with QA staff. Responsible for interview process of potential candidates and recommendation/hiring of new staff hires.\par
\par
\b\i\fs22 Senior Software Engineer\par
\i0\fs28 Cortex Software LLC\par
\i\fs22 Client/Server Medical (C++/JAVA CORBA) \tab\tab (06/99-03/00) Manhasset, N.Y.\par
\b0\i0\fs18 Designed and developed client server medical tracking system using C++ and JAVA. The servers consisted\par
of C++ and JAVA CORBA servants accessed through servlets. Also converted database from MS-Access\par
to MSSQL using stored procedures to encapsulate business logic. Implemented DCOM based client/server\par
image retrieval subsystem using sink points. Responsible for interviewing and hiring new staff members. Responsible for coordinating project releases with upper management and communication with programming\par
staff to meet these goals.\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\pard\qc\fs22\par
\fs18 Page 3\par
\pard\par
\par
\b\i\fs22 Software Engineer\par
\i0\fs28 Fortis Advisers\par
\i\fs22 Quantitative Analysis Area (C++)\tab\tab\tab (10/97-06/99) New York, N.Y.\par
\cf1\b0\i0\fs18 Wrote application for portfolio managers using Visual C++, Sybase ODBC, which calculates the cost of trading actual holdings (turnover), given tax basis and then translates the dollar cost into a curve tightening in terms of a basis point spread that is needed to offset losses. The application is used extensively during portfolio rebalancing to identify tax efficient trades. Designed, developed and implemented a financial language compiler and interface wizard using Visual C++ that allows actuaries and non-programmers to write financial forecasting models. The interface allows the actuarial staff to use a menu driven interface to construct various financial models. The application generates pseudocode which is compiled and interpreted.\par
\cf0\b\i\fs22 \par
Software Engineer\par
\i0\fs28 Moodys Investors Service\par
\i\fs22 Administrative Systems\tab (C++)\tab\tab\tab\tab (11/96-10/97) New York, N.Y.\par
\cf1\b0\i0\fs18 Provided lead position in upgrading the Moody\rquote s Internal Rating System software through it's second generation. This task centered around the encapsulation of 'C' based objects with their C++ equivalents, consolidation\par
of free-form database queries into stored procedures and the development of an object oriented ratings\par
system.\par
\cf0\b\i\fs22\par
Senior Software Engineer\par
\i0\fs28 Global Advanced Technology Corporation\par
\i\fs22 Collateralized Mortgage Obligations (C++)\tab\tab\tab (04/92-11/96) New York, N.Y.\par
\cf1\b0\i0\fs18 Developed Mortgage Server application in C++ under MS Windows 3.x/95. This application managed a large database containing mortgage pool information with historical factors and geographics. The software allows the client to create generic mortgage pools in order to generate cashflows on TBA's (To-Be-Announced). The software can work together with the company\rquote s CMO product to allow the user to structure various scenarios and generate cash flows. Cold DDE links are used to support interprocess communications between Lotus 123, MS Excel and other internal fixed income software. Developed communications software using Windows 3.x/95 Comm. API and Borland C++ v4.52. This application featured a terminal interface, XMODEM, XMODEM CRC, YMODEM, YMODEM-1k protocols as well as RFC 959(FTP) and was used to provide data updates to clients. Assist junior programmers and PhD staff in project organization and programming techniques. Design software toolbox for development staff to encapsulate commonly used analytics and algorithms such as CatmullRom Cubic Spline, templated (C++) blocks and linked list algorithms.\par
\cf0\b\fs22\par
\i Programmer/Analyst\par
\i0\fs28 Security Pacific National Trust Co.,\par
\i\fs22 Trust Product Systems Area (VAX/MS \lquote C\rquote )\tab\tab\tab (08/90-04/92) New York, N.Y.\par
\cf1\b0\i0\fs18 Developed transaction tracking system for Travel Group which managed accounts receivable, invoice processing and maintained collateral positions for clientele. Developed print spooler and queue for use in P.C. based applications. Developed an expanded memory window library for use in P.C. applications. Developed window library using SMG under VAX VMS for use in Security Pacific E-MAIL system. Converted, enhanced and maintained Global Lending System. Assisted in the development of a database system written in VAX 'C' using RMS. Provided programming support for Trust Product Systems Area.\par
\pard\qc\cf0\fs24\par
\par
\par
\par
\fs22\par
\fs18 Page 4\par
\pard\par
\pard\qc\fs24\par
\par
\pard\b\i\fs22 Senior Programmer Analyst\par
\i0\fs28 Martinaire Holland Inc.,\par
\i\fs22 Management Information Systems (Borland Turbo \lquote C\rquote )\tab (01/90-08/90) Manhassett, N.Y.\par
\cf1\b0\i0\fs18 Developed remote communications system using Borland Turbo 'C' v2.0 which interfaced with a national reservations network. This system was designed to query the reservations database for current flight, seat and equipment loads.\par
\cf0\b\i\fs22\par
Programmer/Information Specialist\par
\i0\fs28 Buck Consultants and Consulting Actuaries Inc.,\par
\i\fs22 Defined Contribution Area (MS Basic/\rquote C\rquote )\tab\tab\tab (01/89-12/89) Secaucus, N.J.\par
\cf1\b0\i0\fs18 Developed record keeping system for Defined Contribution area for the purpose of calculating and maintaining 401(k) pension factors. This system was sold to company clientele along with maintenance contract to provide updated software and data.\par
\cf0\fs24\par
\b\i\fs22 Information Specialist\par
\i0\fs28 Executive Life Insurance Company of New York\par
\i\fs22 Group Annuity Area (Borland \lquote C\rquote )\tab\tab\tab\tab (03/87-01/89) Jericho, N.Y.\par
\cf1\b0\i0\fs18 Assisted programmers in the development and troubleshooting of a retirement annuity system written in OS/VSII COBOL. Developed system in Borland Turbo 'C' to calculate available retirement benefits.\par
\cf0\fs24\par
\par
\b\i\fs22\par
\pard\qc\b0\i0\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\fs18 Page 5\par
\pard\fs24\par
\par
\pard\keepn\s3\qc\b\fs22 Software Skill Summary\par
\pard\qc\b0\par
\par
\pard{\pntext\f1\'B7\tab}{\*\pn\pnlvlblt\pnf1\pnindent0{\pntxtb\'B7}}\fi-360\li360\tx360\b Software Engineering Methods:\b0 Extreme Programming. UML and design patterns including J2EE, concurrency and GoF patterns.\par
\b{\pntext\f1\'B7\tab}Modeling Tools:\b0 Enterprise Architect, Visio, Rational Rose, \par
\b{\pntext\f1\'B7\tab}Web Architectures:\b0 J2EE architecture utilizing J2EE orientied design patterns. Extensive multi-tier Java EJB, Servlet and JSP development, EJB, RMI, JDBC, JMS and XML. Microsoft enterprise architecture utilizing multi-tier services .NET and WebServices.\par
\b{\pntext\f1\'B7\tab}Java Enterprise APIs:\b0 Java Servlets, RMI, EJB, JDBC, JNDI, JMS, and JTA.\par
\b{\pntext\f1\'B7\tab}Microsoft .NET Framework:\b0 Remoting with C# .NET and WebServices\par
\b{\pntext\f1\'B7\tab}Web Services:\b0 Apache/Tomcat. Microsoft ASP.NET, IIS.\par
\b{\pntext\f1\'B7\tab}XML Technologies:\b0 DTD, XML-Schema, DOM, SAX.\par
\b{\pntext\f1\'B7\tab}General Programming:\b0 Java, C#, C/C++, BASH, network programming, CORBA, multi-threaded programming, UML, XML and HTML.\par
\b{\pntext\f1\'B7\tab}Database Programming:\b0 Sybase SQL, MSSQL, JDBC and ODBC APIs, ADO.NET.\par
\b{\pntext\f1\'B7\tab}Web, Application and JMS Servers:\b0 JBOSS, BEA WebLogic, Apache/Tomcat, IIS. Experience with WebLogic JMS,IBM MQSeries.\par
\b{\pntext\f1\'B7\tab}Network Protocols: \b0 SSL/HTTPS, HTTP tunneling, HTTP, sockets, SMTP, NNTP, FTP, POP3, DNS, SMB.\par
\b{\pntext\f1\'B7\tab}IDEs:\b0 IBM Eclipse, Symantec VisualCafe, Sun Forte for Java, Sun Workshop, MS Visual C++, EMACS, and Microsoft Visual Studio .NET.\par
\b{\pntext\f1\'B7\tab}Source Code Control:\b0 MS Visual Source Safe, CVS.\par
{\pntext\f1\'B7\tab}Excellent written and verbal communication skills.\par
\pard\fs24\par
\par
\fs18\par
\pard\keepn\s4\qc\cf1\b\fs22 Education\par
\pard\qc\cf0\fs20\par
\par
\pard\fs28\tab New York Institute of Technology\par
\cf1\b0\fs18\tab Courses attended: Systems Programming I (Compiler Theory) [A], Data Structures [A], Calculus I [B+], \tab Calculus II [A], Calculus III [A]. Overall Grade Point Average 3.9.\par
\cf0\fs24\par
\b\fs28\tab State University of New York at Albany\par
\cf1\b0\fs18\tab Awarded B.A. in Cognitive Psychology with minor in Computer Science.\par
\cf0\b\fs28\par
\tab State University of New York at Stony Brook\par
\cf1\b0\fs18\tab Attended part-time, non matriculated. Courses included Business Ethics and Law.\par
\cf0\b\fs28\par
\par
\par
\par
\par
\pard\qc\b0\fs18 Page 6\par
\pard\b\fs28\par
\par
\pard\keepn\s4\qc\cf1\fs20 Certificates/Programs\par
\pard\qc\par
\par
\pard\b0\tab\b Learning Tree. New York, NY\par
\b0\tab Microsoft C# Language.\par
\par
\tab\b Learning Tree. New York, NY\par
\b0\tab Object Oriented Design with UML\par
\par
\tab\b IBM Learning Center. Atlanta, GA\par
\pard\keepn\s2\b0 \tab IBM MQSeries programming I\par
\tab IBM MQSeries programming II\par
\pard\cf0\par
\cf1\tab\b Hobbies\tab\par
\pard\keepn\s2\tab\b0 Applications of Music Theory to Jazz Fusion Guitar.\par
\pard\cf0\tab Sound Engineering, Mixing, and Mastering.\par
\par
\tab\b Favorite Quote\par
\tab\b0 Tell me and I will forget, show me and I might remember, involve me and I will understand.\par
\cf1\i\par
\par
\pard\fi720\cf0\i0 References available on request.\par
\pard\cf1\b\i\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
\par
}

BIN
docs/RESUME/Sean Kessler v2010.doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/Sean Kessler.doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/combined.doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/combined_6.doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/combined_7.doc Normal file
View File

Binary file not shown.

BIN
docs/RESUME/combineda.doc Normal file
View File

Binary file not shown.

1550
docs/RFC977~1.HTM Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
docs/S091798.FM3 Normal file
View File

Binary file not shown.

BIN
docs/S091798.WK3 Normal file
View File

Binary file not shown.

BIN
docs/SCEN01.WK3 Normal file
View File

Binary file not shown.

BIN
docs/SCENARIO.FM3 Normal file
View File

Binary file not shown.

BIN
docs/SCENARIO.WK3 Normal file
View File

Binary file not shown.

BIN
docs/SCHWAB.FM3 Normal file
View File

Binary file not shown.

BIN
docs/SCHWAB.WK3 Normal file
View File

Binary file not shown.

3733
docs/WSFF.TXT Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
docs/callgate.zip Normal file
View File

Binary file not shown.

648
docs/cert.txt Normal file
View File

@@ -0,0 +1,648 @@
keytool - Key and Certificate Management Tool
Manages a keystore (database) of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. Also manages certificates from trusted entities.
SYNOPSIS
keytool [ commands ]
DESCRIPTION
keytool is a key and certificate management utility. It enables users to administer their own public/private key pairs and associated certificates for use in self-authentication (where the user authenticates himself/herself to other users/services) or data integrity and authentication services, using digital signatures. It also allows users to cache the public keys (in the form of certificates) of their communicating peers.
A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. (See Certificates.) When data is digitally signed, the signature can be verified to check the data integrity and authenticity. Integrity means that the data has not been modified or tampered with, and authenticity means the data indeed comes from whoever claims to have created and signed it.
keytool stores the keys and certificates in a so-called keystore. The default keystore implementation implements the keystore as a file. It protects private keys with a password.
The jarsigner tool uses information from a keystore to generate or verify digital signatures for Java ARchive (JAR) files. (A JAR file packages class files, images, sounds, and/or other digital data in a single file). jarsigner verifies the digital signature of a JAR file, using the certificate that comes with it (it is included in the signature block file of the JAR file), and then checks whether or not the public key of that certificate is "trusted", i.e., is contained in the specified keystore.
Please note: the keytool and jarsigner tools completely replace the javakey tool provided in JDK 1.1. These new tools provide more features than javakey, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them. The new keystore architecture replaces the identity database that javakey created and managed. It is possible to import the information from an identity database into a keystore, via the -identitydb keytool command.
Keystore Entries
There are two different types of entries in a keystore:
key entries - each holds very sensitive cryptographic key information,
which is stored in a protected format to prevent unauthorized access. Typically, a key stored
in this type of entry is a secret key, or a private key accompanied by the certificate "chain"
for the corresponding public key. The keytool and jarsigner tools only handle the latter
type of entry, that is private keys and their associated certificate chains.
trusted certificate entries - each contains a single public key certificate belonging to another party. It is called a "trusted certificate" because the keystore owner trusts that the public key in the certificate indeed belongs to the identity identified by the "subject" (owner) of the certificate. The issuer of the certificate vouches for this, by signing the certificate.
Keystore Aliases
All keystore entries (key and trusted certificate entries) are accessed via unique aliases. Aliases are case-insensitive; the aliases Hugo and hugo would refer to the same keystore entry.
An alias is specified when you add an entity to the keystore using the -genkey command to generate a key pair (public and private key) or the -import command to add a certificate or certificate chain to the list of trusted certificates. Subsequent keytool commands must use this same alias to refer to the entity.
For example, suppose you use the alias duke to generate a new public/private key pair and wrap the public key into a self-signed certificate (see Certificate Chains) via the following command:
keytool -genkey -alias duke -keypass dukekeypasswd
This specifies an inital password of "dukekeypasswd" required by subsequent commands to access the private key assocated with the alias duke. If you later want to change duke's private key password, you use a command like the following:
keytool -keypasswd -alias duke -keypass dukekeypasswd -new newpass
This changes the password from "dukekeypasswd" to "newpass".
Please note: A password should not actually be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system. If you don't specify a required password option on a command line, you will be prompted for it. When typing in a password at the password prompt, the password is currently echoed (displayed exactly as typed), so be careful not to type it in front of anyone.
Keystore Location
Each keytool command has a -keystore option for specifying the name and location of the
persistent keystore file for the keystore managed by keytool. The keystore is by default stored
in a file named .keystore in the user's home directory, as determined by the "user.home" system
property. Given user name uName, the "user.home" property value defaults to
C:\Winnt\Profiles\uName on multi-user Windows NT systems
C:\Windows\Profiles\uName on multi-user Windows 95 systems
C:\Windows on single-user Windows 95 systems
Thus, if the user name is "cathy", "user.home" defaults to
C:\Winnt\Profiles\cathy on multi-user Windows NT systems
C:\Windows\Profiles\cathy on multi-user Windows 95 systems
Keystore Creation
A keystore is created whenever you use a -genkey, -import, or -identitydb command to add data
to a keystore that doesn't yet exist.
More specifically, if you specify, in the -keystore option, a keystore that doesn't yet exist,
that keystore will be created.
If you don't specify a -keystore option, the default keystore is a file named .keystore in your home directory. If that file does not yet exist, it will be created.
Keystore Implementation
The KeyStore class provided in the java.security package supplies well-defined interfaces to
access and modify the information in a keystore. It is possible for there to be multiple
different concrete implementations, where each implementation is that for a particular type
of keystore.
Currently, two command-line tools (keytool and jarsigner) and a GUI-based tool named Policy Tool
make use of keystore implementations. Since KeyStore is publicly available, JDK users can write
additional security applications that use it.
There is a built-in default implementation, provided by Sun Microsystems. It implements the
keystore as a file, utilizing a proprietary keystore type (format) named "JKS". It protects each
private key with its individual password, and also protects the integrity of the entire keystore
with a (possibly different) password.
Keystore implementations are provider-based. More specifically, the application
interfaces supplied by KeyStore are implemented in terms of a "Service Provider Interface" (SPI).
That is, there is a corresponding abstract KeystoreSpi class, also in the java.security package,
which defines the Service Provider Interface methods that "providers" must implement.
(The term "provider" refers to a package or a set of packages that supply a concrete
implementation of a subset of services that can be accessed by the Java Security API.) Thus,
to provide a keystore implementation, clients must implement a "provider" and supply a
KeystoreSpi subclass implementation, as described in How to Implement a Provider for the Java
Cryptography Architecture.
Applications can choose different types of keystore implementations from different providers,
using the "getInstance" factory method supplied in the KeyStore class. A keystore type defines
the storage and data format of the keystore information, and the algorithms used to protect
private keys in the keystore and the integrity of the keystore itself. Keystore implementations
of different types are not compatible.
keytool works on any file-based keystore implementation. (It treats the keytore location that
is passed to it at the command line as a filename and converts it to a FileInputStream, from
which it loads the keystore information.) The jarsigner and policytool tools, on the other
hand, can read a keystore from any location that can be specified using a URL.
For keytool and jarsigner, you can specify a keystore type at the command line, via the
-storetype option. For Policy Tool, you can specify a keystore type via the "Change Keystore"
command in the Edit menu.
If you don't explicitly specify a keystore type, the tools choose a keystore implementation
based simply on the value of the keystore.type property specified in the security properties
file. The security properties file is called java.security, and it resides in the JDK security
properties directory, java.home\lib\security, where java.home is the runtime environment's
directory (the jre directory in the SDK or the top-level directory of the Java 2 Runtime
Environment).
Each tool gets the keystore.type value and then examines all the currently-installed providers until it finds one that implements keystores of that type. It then uses the keystore implementation from that provider.
The KeyStore class defines a static method named getDefaultType that lets applications and applets retrieve the value of the keystore.type property. The following line of code creates an instance of the default keystore type (as specified in the keystore.type property):
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
The default keystore type is "jks" (the proprietary type of the keystore implementation provided by Sun). This is specified by the following line in the security properties file:
keystore.type=jks
To have the tools utilize a keystore implementation other than the default, you can change that line to specify a different keystore type.
For example, if you have a provider package that supplies a keystore implementation for a keystore type called "pkcs12", change the line to
keystore.type=pkcs12
Note: case doesn't matter in keystore type designations. For example, "JKS" would be considered the same as "jks".
Supported Algorithms and Key Sizes
keytool allows users to specify any key pair generation and signature algorithm supplied by any of the registered cryptographic service providers. That is, the keyalg and sigalg options for various commands must be supported by a provider implementation. The default key pair generation algorithm is "DSA". The signature algorithm is derived from the algorithm of the underlying private key: If the underlying private key is of type "DSA", the default signature algorithm is "SHA1withDSA", and if the underlying private key is of type "RSA", the default signature algorithm is "MD5withRSA".
When generating a DSA key pair, the key size must be in the range from 512 to 1024 bits, and must be a multiple of 64. The default key size for any algorithm is 1024 bits.
Certificates
A certificate (also known as a public-key certificate) is a digitally signed statement from one entity (the issuer), saying that the public key (and some other information) of another entity (the subject) has some specific value.
Let us expand on some of the key terms used in this sentence:
Public Keys
These are numbers associated with a particular entity, and are intended to be known to everyone who needs to have trusted interactions with that entity. Public keys are used to verify signatures.
Digitally Signed
If some data is digitally signed it has been stored with the "identity" of an entity, and a signature that proves that entity knows about the data. The data is rendered unforgeable by signing with the entity's private key.
Identity
A known way of addressing an entity. In some systems the identity is the public key, in others it can be anything from a Unix UID to an Email address to an X.509 Distinguished Name.
Signature
A signature is computed over some data using the private key of an entity (the signer, which in the case of a certificate is also known as the issuer).
Private Keys
These are numbers, each of which is supposed to be known only to the particular entity whose private key it is (that is, it's supposed to be kept secret). Private and public keys exist in pairs in all public key cryptography systems (also referred to as "public key crypto systems"). In a typical public key crypto system, such as DSA, a private key corresponds to exactly one public key. Private keys are used to compute signatures.
Entity
An entity is a person, organization, program, computer, business, bank, or something else you are trusting to some degree.
Basically, public key cryptography requires access to users' public keys. In a large-scale networked environment it is impossible to guarantee that prior relationships between communicating entities have been established or that a trusted repository exists with all used public keys. Certificates were invented as a solution to this public key distribution problem. Now a Certification Authority (CA) can act as a trusted third party. CAs are entities (for example, businesses) that are trusted to sign (issue) certificates for other entities. It is assumed that CAs will only create valid and reliable certificates, as they are bound by legal agreements. There are many public Certification Authorities, such as VeriSign, Thawte, Entrust, and so on. You can also run your own Certification Authority using products such as the Netscape/Microsoft Certificate Servers or the Entrust CA product for your organization.
Using keytool, it is possible to display, import, and export certificates. It is also possible to generate self-signed certificates.
keytool currently handles X.509 certificates.
X.509 Certificates
The X.509 standard defines what information can go into a certificate, and describes how to write it down (the data format). All X.509 certificates have the following data, in addition to the signature:
Version
This identifies which version of the X.509 standard applies to this certificate, which affects what information can be specified in it. Thus far, three versions are defined. keytool can import and export v1, v2, and v3 certificates. It generates v1 certificates.
Serial Number
The entity that created the certificate is responsible for assigning it a serial number to distinguish it from other certificates it issues. This information is used in numerous ways, for example when a certificate is revoked its serial number is placed in a Certificate Revocation List (CRL).
Signature Algorithm Identifier
This identifies the algorithm used by the CA to sign the certificate.
Issuer Name
The X.500 Distinguished Name of the entity that signed the certificate. This is normally a CA. Using this certificate implies trusting the entity that signed this certificate. (Note that in some cases, such as root or top-level CA certificates, the issuer signs its own certificate.)
Validity Period
Each certificate is valid only for a limited amount of time. This period is described by a start date and time and an end date and time, and can be as short as a few seconds or almost as long as a century. The validity period chosen depends on a number of factors, such as the strength of the private key used to sign the certificate or the amount one is willing to pay for a certificate. This is the expected period that entities can rely on the public value, if the associated private key has not been compromised.
Subject Name
The name of the entity whose public key the certificate identifies. This name uses the X.500 standard, so it is intended to be unique across the Internet. This is the X.500 Distinguished Name (DN) of the entity, for example,
CN=Java Duke, OU=Java Software Division, O=Sun Microsystems Inc, C=US
(These refer to the subject's Common Name, Organizational Unit, Organization, and Country.)
Subject Public Key Information
This is the public key of the entity being named, together with an algorithm identifier which specifies which public key crypto system this key belongs to and any associated key parameters.
X.509 Version 1 has been available since 1988, is widely deployed, and is the most generic.
X.509 Version 2 introduced the concept of subject and issuer unique identifiers to handle the possibility of reuse of subject and/or issuer names over time. Most certificate profile documents strongly recommend that names not be reused, and that certificates should not make use of unique identifiers. Version 2 certificates are not widely used.
X.509 Version 3 is the most recent (1996) and supports the notion of extensions, whereby anyone can define an extension and include it in the certificate. Some common extensions in use today are: KeyUsage (limits the use of the keys to particular purposes such as "signing-only") and AlternativeNames (allows other identities to also be associated with this public key, e.g. DNS names, Email addresses, IP addresses). Extensions can be marked critical to indicate that the extension should be checked and enforced/used. For example, if a certificate has the KeyUsage extension marked critical and set to "keyCertSign" then if this certificate is presented during SSL communication, it should be rejected, as the certificate extension indicates that the associated private key should only be used for signing certificates and not for SSL use.
All the data in a certificate is encoded using two related standards called ASN.1/DER. Abstract Syntax Notation 1 describes data. The Definite Encoding Rules describe a single way to store and transfer that data.
X.500 Distinguished Names
X.500 Distinguished Names are used to identify entities, such as those which are named by the subject and issuer (signer) fields of X.509 certificates. keytool supports the following subparts:
commonName - common name of a person, e.g., "Susan Jones"
organizationUnit - small organization (e.g, department or division) name, e.g., "Purchasing"
organizationName - large organization name, e.g., "ABCSystems, Inc."
localityName - locality (city) name, e.g., "Palo Alto"
stateName - state or province name, e.g., "California"
country - two-letter country code, e.g., "CH"
When supplying a distinguished name string as the value of a -dname option, as for the -genkey or -selfcert commands, the string must be in the following format:
CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode
where all the italicized items represent actual values and the above keywords are abbreviations for the following:
CN=commonName
OU=organizationUnit
O=organizationName
L=localityName
S=stateName
C=country
A sample distinguished name string is
CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino, S=California, C=US
and a sample command using such a string is
keytool -genkey -dname "CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino,
S=California, C=US" -alias mark
Case does not matter for the keyword abbreviations. For example, "CN", "cn", and "Cn" are all treated the same.
Order matters; each subcomponent must appear in the designated order. However, it is not necessary to have all the subcomponents. You may use a subset, for example:
CN=Steve Meier, OU=SunSoft, O=Sun, C=US
If a distinguished name string value contains a comma, the comma must be escaped by a "\" character when you specify the string on a command line, as in
cn=peter schuster, o=Sun Microsystems\, Inc., o=sun, c=us
It is never necessary to specify a distinguished name string on a command line. If it is needed for a command, but not supplied on the command line, the user is prompted for each of the subcomponents. In this case, a comma does not need to be escaped by a "\".
The Internet RFC 1421 Certificate Encoding Standard
Certificates are often stored using the printable encoding format defined by the Internet RFC 1421 standard, instead of their binary encoding. This certificate format, also known as "Base 64 encoding", facilitates exporting certificates to other applications by email or through some other mechanism.
Certificates read by the -import and -printcert commands can be in either this format or binary encoded.
The -export command by default outputs a certificate in binary encoding, but will instead output a certificate in the printable encoding format, if the -rfc option is specified.
The -list command by default prints the MD5 fingerprint of a certificate. If the -v option is specified, the certificate is printed in human-readable format, while if the -rfc option is specified, the certificate is output in the printable encoding format.
In its printable encoding format, the encoded certificate is bounded at the beginning by
-----BEGIN CERTIFICATE-----
and at the end by
-----END CERTIFICATE-----
Certificate Chains
keytool can create and manage keystore "key" entries that each contain a private key and an associated certificate "chain". The first certificate in the chain contains the public key corresponding to the private key.
When keys are first generated (see the -genkey command), the chain starts off containing a single element, a self-signed certificate. A self-signed certificate is one for which the issuer (signer) is the same as the subject (the entity whose public key is being authenticated by the certificate). Whenever the -genkey command is called to generate a new public/private key pair, it also wraps the public key into a self-signed certificate.
Later, after a Certificate Signing Request (CSR) has been generated (see the -certreq command) and sent to a Certification Authority (CA), the response from the CA is imported (see -import), and the self-signed certificate is replaced by a chain of certificates. At the bottom of the chain is the certificate (reply) issued by the CA authenticating the subject's public key. The next certificate in the chain is one that authenticates the CA's public key.
In many cases, this is a self-signed certificate (that is, a certificate from the CA authenticating its own public key) and the last certificate in the chain. In other cases, the CA may return a chain of certificates. In this case, the bottom certificate in the chain is the same (a certificate signed by the CA, authenticating the public key of the key entry), but the second certificate in the chain is a certificate signed by a different CA, authenticating the public key of the CA you sent the CSR to. Then, the next certificate in the chain will be a certificate authenticating the second CA's key, and so on, until a self-signed "root" certificate is reached. Each certificate in the chain (after the first) thus authenticates the public key of the signer of the previous certificate in the chain.
Many CAs only return the issued certificate, with no supporting chain, especially when there is a flat hierarchy (no intermediates CAs). In this case, the certificate chain must be established from trusted certificate information already stored in the keystore.
A different reply format (defined by the PKCS#7 standard) also includes the supporting certificate chain, in addition to the issued certificate. Both reply formats can be handled by keytool.
The top-level (root) CA certificate is self-signed. However, the trust into the root's public key does not come from the root certificate itself (anybody could generate a self-signed certificate with the distinguished name of say, the VeriSign root CA!), but from other sources like a newspaper. The root CA public key is widely known. The only reason it is stored in a certificate is because this is the format understood by most tools, so the certificate in this case is only used as a "vehicle" to transport the root CA's public key. Before you add the root CA certificate to your keystore, you should view it (using the -printcert option) and compare the displayed fingerprint with the well-known fingerprint (obtained from a newspaper, the root CA's webpage, etc.).
Importing Certificates
To import a certificate from a file, use the -import command, as in
keytool -import -alias joe -file jcertfile.cer
This sample command imports the certificate(s) in the file jcertfile.cer and stores it in the keystore entry identified by the alias joe.
You import a certificate for two reasons:
to add it to the list of trusted certificates, or
to import a certificate reply received from a CA as the result of submitting a Certificate Signing Request (see the -certreq command) to that CA.
Which type of import is intended is indicated by the value of the -alias option. If the alias exists in the database, and identifies an entry with a private key, then it is assumed you want to import a certificate reply. keytool checks whether the public key in the certificate reply matches the public key stored with the alias, and exits if they are different. If the alias identifies the other type of keystore entry, the certificate will not be imported. If the alias does not exist, then it will be created and associated with the imported certificate.
WARNING Regarding Importing Trusted Certificates
IMPORTANT: Be sure to check a certificate very carefully before importing it as a trusted certificate!
View it first (using the -printcert command, or the -import command without the -noprompt option), and make sure that the displayed certificate fingerprint(s) match the expected ones. For example, suppose someone sends or emails you a certificate, and you put it in a file named /tmp/cert. Before you consider adding the certificate to your list of trusted certificates, you can execute a -printcert command to view its fingerprints, as in
keytool -printcert -file /tmp/cert
Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll
Serial Number: 59092b34
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PST 1997
Certificate Fingerprints:
MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F
SHA1: 20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37:13:0E:5E:FE
Then call or otherwise contact the person who sent the certificate, and compare the fingerprint(s) that you see with the ones that they show. Only if the fingerprints are equal is it guaranteed that the certificate has not been replaced in transit with somebody else's (for example, an attacker's) certificate. If such an attack took place, and you did not check the certificate before you imported it, you would end up trusting anything the attacker has signed (for example, a JAR file with malicious class files inside).
Note: it is not required that you execute a -printcert command prior to importing a certificate, since before adding a certificate to the list of trusted certificates in the keystore, the -import command prints out the certificate information and prompts you to verify it. You then have the option of aborting the import operation. Note, however, this is only the case if you invoke the -import command without the -noprompt option. If the -noprompt option is given, there is no interaction with the user.
Exporting Certificates
To export a certificate to a file, use the -export command, as in
keytool -export -alias jane -file janecertfile.cer
This sample command exports jane's certificate to the file janecertfile.cer. That is, if jane is the alias for a key entry, the command exports the certificate at the bottom of the certificate chain in that keystore entry. This is the certificate that authenticates jane's public key.
If, instead, jane is the alias for a trusted certificate entry, then that trusted certificate is exported.
Displaying Certificates
To print out the contents of a keystore entry, use the -list command, as in
keytool -list -alias joe
If you don't specify an alias, as in
keytool -list
the contents of the entire keystore are printed.
To display the contents of a certificate stored in a file, use the -printcert command, as in
keytool -printcert -file certfile.cer
This displays information about the certificate stored in the file certfile.cer.
Note: This works independently of a keystore, i.e., you do not need a keystore in order to display a certificate that's stored in a file.
Generating a self-signed certificate
A self-signed certificate is one for which the issuer (signer) is the same as the subject (the entity whose public key is being authenticated by the certificate). Whenever the -genkey command is called to generate a new public/private key pair, it also wraps the public key into a self-signed certificate.
You may occasionally wish to generate a new self-signed certificate. For example, you may want to use the same key pair under a different identity (distinguished name). For example, suppose you change departments. You can then:
copy (clone) the original key entry. See -keyclone.
generate a new self-signed certificate for the cloned entry, using your new distinguished name. See below.
generate a Certificate Signing Requests for the cloned entry, and import the reply certificate or certificate chain. See the -certreq and -import commands.
delete the original (now obsolete) entry. See -delete.
To generate a self-signed certificate, use the -selfcert command, as in
keytool -selfcert -alias dukeNew -keypass b92kqmp
-dname "cn=Duke Smith, ou=Purchasing, o=BlueSoft, c=US"
The generated certificate is stored as a single-element certificate chain in the keystore entry identified by the specified alias (in this case "dukeNew"), where it replaces the existing certificate chain.
COMMAND AND OPTION NOTES
The various commands and their options are listed and described below . Note:
All command and option names are preceded by a minus sign (-).
The options for each command may be provided in any order.
All items not italicized or in braces or square brackets are required to appear as is.
Braces surrounding an option generally signify that a default value will be used if the option is not specified on the command line. Braces are also used around the -v, -rfc, and -J options, which only have meaning if they appear on the command line (that is, they don't have any "default" values other than not existing).
Brackets surrounding an option signify that the user is prompted for the value(s) if the option is not specified on the command line. (For a -keypass option, if you do not specify the option on the command line, keytool will first attempt to use the keystore password to recover the private key, and if this fails, will then prompt you for the private key password.)
Items in italics (option values) represent the actual values that must be supplied. For example, here is the format of the -printcert command:
keytool -printcert {-file cert_file} {-v}
When specifying a -printcert command, replace cert_file with the actual file name, as in:
keytool -printcert -file VScert.cer
Option values must be quoted if they contain a blank (space).
The -help command is the default. Thus, the command line
keytool
is equivalent to
keytool -help
Option Defaults
Below are the defaults for various option values.
-alias "mykey"
-keyalg "DSA"
-keysize 1024
-validity 90
-keystore the file named .keystore in the user's home directory
-file stdin if reading, stdout if writing
The signature algorithm (-sigalg option) is derived from the algorithm of the underlying private key: If the underlying private key is of type "DSA", the -sigalg option defaults to "SHA1withDSA", and if the underlying private key is of type "RSA", -sigalg defaults to "MD5withRSA".
Options that Appear for Most Commands
The -v option can appear for all commands except -help. If it appears, it signifies "verbose" mode; detailed certificate information will be output.
There is also a -Jjavaoption option that may appear for any command. If it appears, the specified javaoption string is passed through directly to the Java interpreter. (keytool is actually a "wrapper" around the interpreter.) This option should not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type java -h or java -X at the command line.
These options may appear for all commands operating on a keystore:
-storetype storetype
This qualifier specifies the type of keystore to be instantiated. The default keystore type is the one that is specified as the value of the "keystore.type" property in the security properties file, which is returned by the static getDefaultType method in java.security.KeyStore.
-keystore keystore
The keystore (database file) location. Defaults to the file .keystore in the user's home directory, as determined by the "user.home" system property, whose value is described in Keystore Location.
-storepass storepass
The password which is used to protect the integrity of the keystore.
storepass must be at least 6 characters long. It must be provided to all commands that access the keystore contents. For such commands, if a -storepass option is not provided at the command line, the user is prompted for it.
When retrieving information from the keystore, the password is optional; if no password is given, the integrity of the retrieved information cannot be checked and a warning is displayed.
Be careful with passwords - see Warning Regarding Passwords.
-provider provider-class-name
Used to specify the name of cryptographic service provider's master class file when the service provider is not listed in the security properties file.
Warning Regarding Passwords
Most commands operating on a keystore require the store password. Some commands require a private key password.
Passwords can be specified on the command line (in the -storepass and -keypass options, respectively). However, a password should not be specified on a command line or in a script unless it is for testing purposes, or you are on a secure system.
If you don't specify a required password option on a command line, you will be prompted for it. When typing in a password at the password prompt, the password is currently echoed (displayed exactly as typed), so be careful not to type it in front of anyone.
COMMANDS
See also the Command and Option Notes.
Adding Data to the Keystore
-genkey {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valDays} {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias.
keyalg specifies the algorithm to be used to generate the key pair, and keysize specifies the size of each key to be generated. sigalg specifies the algorithm that should be used to sign the self-signed certificate; this algorithm must be compatible with keyalg. See Supported Algorithms and Key Sizes.
dname specifies the X.500 Distinguished Name to be associated with alias, and is used as the issuer and subject fields in the self-signed certificate. If no distinguished name is provided at the command line, the user will be prompted for one.
keypass is a password used to protect the private key of the generated key pair. If no password is provided, the user is prompted for it. If you press RETURN at the prompt, the key password is set to the same password as that used for the keystore. keypass must be at least 6 characters long. Be careful with passwords - see Warning Regarding Passwords.
valDays tells the number of days for which the certificate should be considered valid.
-import {-alias alias} {-file cert_file} [-keypass keypass] {-noprompt} {-trustcacerts} {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply) from the file cert_file, and stores it in the keystore entry identified by alias. If no file is given, the certificate or PKCS#7 reply is read from stdin. keytool can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. The data to be imported must be provided either in binary encoding format, or in printable encoding format (also known as Base64 encoding) as defined by the Internet RFC 1421 standard. In the latter case, the encoding must be bounded at the beginning by a string that starts with "-----BEGIN", and bounded at the end by a string that starts with "-----END".
When importing a new trusted certificate, alias must not yet exist in the keystore. Before adding the certificate to the keystore, keytool tries to verify it by attempting to construct a chain of trust from that certificate to a self-signed certificate (belonging to a root CA), using trusted certificates that are already available in the keystore.
If the -trustcacerts option has been specified, additional certificates are considered for the chain of trust, namely the certificates in a file named "cacerts", which resides in the JDK security properties directory, java.home\lib\security, where java.home is the runtime environment's directory (the jre directory in the SDK or the top-level directory of the Java 2 Runtime Environment). The "cacerts" file represents a system-wide keystore with CA certificates. System administrators can configure and manage that file using keytool, specifying "jks" as the keystore type. The "cacerts" keystore file ships with five VeriSign root CA certificates with the following X.500 distinguished names:
1. OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.",
C=US
2. OU=Class 2 Public Primary Certification Authority, O="VeriSign,
Inc.", C=US
3. OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
4. OU=Class 4 Public Primary Certification
Authority, O="VeriSign, Inc.", C=US
5. OU=Secure Server Certification
Authority, O="RSA Data Security, Inc.", C=US
The initial password of the "cacerts" keystore file is "changeit". System administrators should change that password and the default access permission of that file upon installing the JDK.
If keytool fails to establish a trust path from the certificate to be imported up to a self-signed certificate (either from the keystore or the "cacerts" file), the certificate information is printed out, and the user is prompted to verify it, e.g., by comparing the displayed certificate fingerprints with the fingerprints obtained from some other (trusted) source of information, which might be the certificate owner himself/herself. Be very careful to ensure the certificate is valid prior to importing it as a "trusted" certificate! -- see WARNING Regarding Importing Trusted Certificates. The user then has the option of aborting the import operation. If the -noprompt option is given, however, there will be no interaction with the user.
When importing a certificate reply, the certificate reply is validated using trusted certificates from the keystore, and optionally using the certificates configured in the "cacerts" keystore file (if the -trustcacerts option was specified).
If the reply is a single X.509 certificate, keytool attempts to establish a trust chain, starting at the certificate reply and ending at a self-signed certificate (belonging to a root CA). The certificate reply and the hierarchy of certificates used to authenticate the certificate reply form the new certificate chain of alias.
If the reply is a PKCS#7 formatted certificate chain, the chain is first ordered (with the user certificate first and the self-signed root CA certificate last), before keytool attempts to match the root CA certificate provided in the reply with any of the trusted certificates in the keystore or the "cacerts" keystore file (if the -trustcacerts option was specified). If no match can be found, the information of the root CA certificate is printed out, and the user is prompted to verify it, e.g., by comparing the displayed certificate fingerprints with the fingerprints obtained from some other (trusted) source of information, which might be the root CA itself. The user then has the option of aborting the import operation. If the -noprompt option is given, however, there will be no interaction with the user.
The new certificate chain of alias replaces the old certificate chain associated with this entry. The old chain can only be replaced if a valid keypass, the password used to protect the private key of the entry, is supplied. If no password is provided, and the private key password is different from the keystore password, the user is prompted for it. Be careful with passwords - see Warning Regarding Passwords.
-selfcert {-alias alias} {-sigalg sigalg} {-dname dname} {-validity valDays} [-keypass keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias. If dname is supplied at the command line, it is used as the X.500 Distinguished Name for both the issuer and subject of the certificate. Otherwise, the X.500 Distinguished Name associated with alias (at the bottom of its existing certificate chain) is used.
The generated certificate is stored as a single-element certificate chain in the keystore entry identified by alias, where it replaces the existing certificate chain.
sigalg specifies the algorithm that should be used to sign the certificate. See Supported Algorithms and Key Sizes.
In order to access the private key, the appropriate password must be provided, since private keys are protected in the keystore with a password. If keypass is not provided at the command line, and is different from the password used to protect the integrity of the keystore, the user is prompted for it. Be careful with passwords - see Warning Regarding Passwords.
valDays tells the number of days for which the certificate should be considered valid.
-identitydb {-file idb_file} {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Reads the JDK 1.1.x-style identity database from the file idb_file, and adds its entries to the keystore. If no file is given, the identity database is read from stdin. If a keystore does not exist, it is created.
Only identity database entries ("identities") that were marked as trusted will be imported in the keystore. All other identities will be ignored. For each trusted identity, a keystore entry will be created. The identity's name is used as the "alias" for the keystore entry.
The private keys from trusted identities will all be encrypted under the same password, storepass. This is the same password that is used to protect the keystore's integrity. Users can later assign individual passwords to those private keys by using the "-keypasswd" keytool command option.
An identity in an identity database may hold more than one certificate, each certifying the same public key. But a keystore key entry for a private key has that private key and a single "certificate chain" (initially just a single certificate), where the first certificate in the chain contains the public key corresponding to the private key. When importing the information from an identity, only the first certificate of the identity is stored in the keystore. This is because an identity's name in an identity database is used as the alias for its corresponding keystore entry, and alias names are unique within a keystore,
Exporting Data
-certreq {-alias alias} {-sigalg sigalg} {-file certreq_file} [-keypass keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Generates a Certificate Signing Request (CSR), using the PKCS#10 format.
A CSR is intended to be sent to a certificate authority (CA). The CA will authenticate the certificate requestor (usually off-line) and will return a certificate or certificate chain, used to replace the existing certificate chain (which initially consists of a self-signed certificate) in the keystore.
The private key and X.500 Distinguished Name associated with alias are used to create the PKCS#10 certificate request. In order to access the private key, the appropriate password must be provided, since private keys are protected in the keystore with a password. If keypass is not provided at the command line, and is different from the password used to protect the integrity of the keystore, the user is prompted for it.
Be careful with passwords - see Warning Regarding Passwords.
sigalg specifies the algorithm that should be used to sign the CSR. See Supported Algorithms and Key Sizes.
The CSR is stored in the file certreq_file. If no file is given, the CSR is output to stdout.
Use the import command to import the response from the CA.
-export {-alias alias} {-file cert_file} {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-rfc} {-v} {-Jjavaoption}
Reads (from the keystore) the certificate associated with alias, and stores it in the file cert_file.
If no file is given, the certificate is output to stdout.
The certificate is by default output in binary encoding, but will instead be output in the printable encoding format, as defined by the Internet RFC 1421 standard, if the -rfc option is specified.
If alias refers to a trusted certificate, that certificate is output. Otherwise, alias refers to a key entry with an associated certificate chain. In that case, the first certificate in the chain is returned. This certificate authenticates the public key of the entity addressed by alias.
Displaying Data
-list {-alias alias} {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v | -rfc} {-Jjavaoption}
Prints (to stdout) the contents of the keystore entry identified by alias. If no alias is specified, the contents of the entire keystore are printed.
This command by default prints the MD5 fingerprint of a certificate. If the -v option is specified, the certificate is printed in human-readable format, with additional information such as the owner, issuer, and serial number. If the -rfc option is specified, certificate contents are printed using the printable encoding format, as defined by the Internet RFC 1421 standard
You cannot specify both -v and -rfc.
-printcert {-file cert_file} {-v} {-Jjavaoption}
Reads the certificate from the file cert_file, and prints its contents in a human-readable format. If no file is given, the certificate is read from stdin.
The certificate may be either binary encoded or in printable encoding format, as defined by the Internet RFC 1421 standard.
Note: This option can be used independently of a keystore.
Managing the Keystore
-keyclone {-alias alias} [-dest dest_alias] [-keypass keypass] [-new new_keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Creates a new keystore entry, which has the same private key and certificate chain as the original entry.
The original entry is identified by alias (which defaults to "mykey" if not provided). The new (destination) entry is identified by dest_alias. If no destination alias is supplied at the command line, the user is prompted for it.
If the private key password is different from the keystore password, then the entry will only be cloned if a valid keypass is supplied. This is the password used to protect the private key associated with alias. If no key password is supplied at the command line, and the private key password is different from the keystore password, the user is prompted for it. The private key in the cloned entry may be protected with a different password, if desired. If no -new option is supplied at the command line, the user is prompted for the new entry's password (and may choose to let it be the same as for the cloned entry's private key).
Be careful with passwords - see Warning Regarding Passwords.
This command can be used to establish multiple certificate chains corresponding to a given key pair, or for backup purposes.
-storepasswd [-new new_storepass] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Changes the password used to protect the integrity of the keystore contents. The new password is new_storepass, which must be at least 6 characters long.
Be careful with passwords - see Warning Regarding Passwords.
-keypasswd {-alias alias} [-keypass old_keypass] [-new new_keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Changes the password under which the private key identified by alias is protected, from old_keypass to new_keypass.
If the -keypass option is not provided at the command line, and the private key password is different from the keystore password, the user is prompted for it.
If the -new option is not provided at the command line, the user is prompted for it.
Be careful with passwords - see Warning Regarding Passwords.
-delete [-alias alias] {-storetype storetype} {-keystore keystore} [-storepass storepass] [-provider provider_class_name] {-v} {-Jjavaoption}
Deletes from the keystore the entry identified by alias. The user is prompted for the alias, if no alias is provided at the command line.
Getting Help
-help
Lists all the commands and their options.
EXAMPLES
Suppose you want to create a keystore for managing your public/private key pair and certificates from entities you trust.
Generating Your Key Pair
The first thing you need to do is create a keystore and generate the key pair. You could use a command such as the following:
keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
-alias business -keypass kpi135 -keystore C:\working\mykeystore
-storepass ab987c -validity 180
(Please note: This must be typed as a single line. Multiple lines are used in the examples just for legibility purposes.)
This command creates the keystore named "mykeystore" in the "working" directory on the C drive (assuming it doesn't already exist), and assigns it the password "ab987c". It generates a public/private key pair for the entity whose "distinguished name" has a common name of "Mark Jones", organizational unit of "JavaSoft", organization of "Sun" and two-letter country code of "US". It uses the default "DSA" key generation algorithm to create the keys, both 1024 bits long.
It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information. This certificate will be valid for 180 days, and is associated with the private key in a keystore entry referred to by the alias "business". The private key is assigned the password "kpi135".
The command could be significantly shorter if option defaults were accepted. As a matter of fact, no options are required; defaults are used for unspecified options that have default values, and you are prompted for any required values. Thus, you could simply have the following:
keytool -genkey
In this case, a keystore entry with alias "mykey" is created, with a newly-generated key pair and a certificate that is valid for 90 days. This entry is placed in the keystore named ".keystore" in your home directory. (The keystore is created if it doesn't already exist.) You will be prompted for the distinguished name information, the keystore password, and the private key password.
The rest of the examples assume you executed the -genkey command without options specified, and that you responded to the prompts with values equal to those given in the first -genkey command, above (a private key password of "kpi135", etc.)
Requesting a Signed Certificate from a Certification Authority
So far all we've got is a self-signed certificate. A certificate is more likely to be trusted by others if it is signed by a Certification Authority (CA). To get such a signature, you first generate a Certificate Signing Request (CSR), via the following:
keytool -certreq -file MarkJ.csr
This creates a CSR (for the entity identified by the default alias "mykey") and puts the request in the file named "MarkJ.csr". Submit this file to a CA, such as VeriSign, Inc. The CA will authenticate you, the requestor (usually off-line), and then will return a certificate, signed by them, authenticating your public key. (In some cases, they will actually return a chain of certificates, each one authenticating the public key of the signer of the previous certificate in the chain.)
Importing a Certificate for the CA
You need to replace your self-signed certificate with a certificate chain, where each certificate in the chain authenticates the public key of the signer of the previous certificate in the chain, up to a "root" CA.
Before you import the certificate reply from a CA, you need one or more "trusted certificates" in your keystore or in the cacerts keystore file (which is described in import command):
If the certificate reply is a certificate chain, you just need the top certificate of the chain (that is, the "root" CA certificate authenticating that CA's public key).
If the certificate reply is a single certificate, you need a certificate for the issuing CA (the one that signed it), and if that certificate is not self-signed, you need a certificate for its signer, and so on, up to a self-signed "root" CA certificate.
The "cacerts" keystore file ships with five VeriSign root CA certificates, so you probably won't need to import a VeriSign certificate as a trusted certificate in your keystore. But if you request a signed certificate from a different CA, and a certificate authenticating that CA's public key hasn't been added to "cacerts", you will need to import a certificate from the CA as a "trusted certificate".
A certificate from a CA is usually either self-signed, or signed by another CA (in which case you also need a certificate authenticating that CA's public key). Suppose company ABC, Inc., is a CA, and you obtain a file named "ABCCA.cer" that is purportedly a self-signed certificate from ABC, authenticating that CA's public key.
Be very careful to ensure the certificate is valid prior to importing it as a "trusted" certificate! View it first (using the keytool -printcert command, or the keytool -import command without the -noprompt option), and make sure that the displayed certificate fingerprint(s) match the expected ones. You can call the person who sent the certificate, and compare the fingerprint(s) that you see with the ones that they show (or that a secure public key repository shows). Only if the fingerprints are equal is it guaranteed that the certificate has not been replaced in transit with somebody else's (for example, an attacker's) certificate. If such an attack took place, and you did not check the certificate before you imported it, you would end up trusting anything the attacker has signed.
If you trust that the certificate is valid, then you can add it to your keystore via the following:
keytool -import -alias abc -file ABCCA.cer
This creates a "trusted certificate" entry in the keystore, with the data from the file "ABCCA.cer", and assigns the alias "abc" to the entry.
Importing the Certificate Reply from the CA
Once you've imported a certificate authenticating the public key of the CA you submitted your certificate signing request to (or there's already such a certificate in the "cacerts" file), you can import the certificate reply and thereby replace your self-signed certificate with a certificate chain. This chain is the one returned by the CA in response to your request (if the CA reply is a chain), or one constructed (if the CA reply is a single certificate) using the certificate reply and trusted certificates that are already available in the keystore where you import the reply or in the "cacerts" keystore file.
For example, suppose you sent your certificate signing request to VeriSign. You can then import the reply via the following, which assumes the returned certificate is named "VSMarkJ.cer":
keytool -import -trustcacerts -file VSMarkJ.cer
Exporting a Certificate Authenticating Your Public Key
Suppose you have used the jarsigner tool to sign a Java ARchive (JAR) file. Clients that want to use the file will want to authenticate your signature.
One way they can do this is by first importing your public key certificate into their keystore as a "trusted" entry. You can export the certificate and supply it to your clients. As an example, you can copy your certificate to a file named MJ.cer via the following, assuming the entry is aliased by "mykey":
keytool -export -alias mykey -file MJ.cer
Given that certificate, and the signed JAR file, a client can use the jarsigner tool to authenticate your signature.
Changing Your Distinguished Name but Keeping your Key Pair
Suppose your distinguished name changes, for example because you have changed departments or moved to a different city. If desired, you may still use the public/private key pair you've previously used, and yet update your distinguished name. For example, suppose your name is Susan Miller, and you created your initial key entry with the alias sMiller and the distinguished name
"cn=Susan Miller, ou=Finance Department, o=BlueSoft, c=us"
Suppose you change from the Finance Department to the Accounting Department. You can still use the previously-generated public/private key pair and yet update your distinguished name by doing the following. First, copy (clone) your key entry:
keytool -keyclone -alias sMiller -dest sMillerNew
(This prompts for the store password and for the initial and destination private key passwords, since they aren't provided at the command line.) Now you need to change the certificate chain associated with the copy, so that the first certificate in the chain uses your different distinguished name. Start by generating a self-signed certificate with the appropriate name:
keytool -selfcert -alias sMillerNew
-dname "cn=Susan Miller, ou=Accounting Department, o=BlueSoft, c=us"
Then generate a Certificate Signing Request based on the information in this new certificate:
keytool -certreq -alias sMillerNew
When you get the CA certificate reply, import it:
keytool -import -alias sMillerNew -file VSSMillerNew.cer
After importing the certificate reply, you may want to remove the initial key entry that used your old distinguished name:
keytool -delete -alias sMiller
SEE ALSO
jar tool documentation
jarsigner tool documentation
the Security trail of the Java Tutorial for examples of the use of keytool

BIN
docs/combined.doc Normal file
View File

Binary file not shown.

69
docs/dcom.txt Normal file
View File

@@ -0,0 +1,69 @@
At 11:00 AM 6/17/98 -0400, Don Kendrick wrote:
>Greetings,
>
>I'm being rushed into a project that will involve putting a component on my
>NT web server that will talk to various MS boxes internally. They are
>proposing to use DCOM. A quick look at DCOM shows me that they are basically
>doing RPC stuff and of course I'm not a real fan of RPC.
This probably deserves to have a book written on it (by someone other than
myself).
Last time I checked about DCOM, there were several issues that would make
me a little hesitant to use DCOM over public networks, for several reasons:
1. As you pointed out, DCOM uses MSRPC. RPC is pretty complicated; it's
also pretty new. This suggests that it's not well understood in general.
MSRPC can use a host of transports: names pipes, TCP, and Netbios over TCP.
Given that all the default services that ship in NT use named pipes, and
that named pipes use SMB, you have to open port 139 to allow your DCOM
stuff in from your web server. Having 139 open allows access in to a
number of services (like file and print, for example).
If you really want to do this, it's a good idea to specify TCP as the
transport and only punch holes in the firewall for specific services that
are needed. Also, it's better (from a security point of view) if the
developer specified static endpoints on the server - this way the client
doesn't need to connect to port 135. However, if the developer wasn't
security-aware, you may be stuck with dynamic endpoints. In this case,
your server's exposure will be much worse, and your firewall administrator
will find herself living in interesting times.
2. MSRPC currently only supports NTLM authentication, which is neither
amazingly strong or amazingly flexible. Make sure that both client and
server are running NT 4.0 Service pack 3: that way if you have to use named
pipes you can use the SMB message signing feature for integrity checking.
Again, if you want to use TCP for transport, the developer has to have
added support for fully encrypted RPC, or your sessions will be vulnerable
to insertion or hijacking attacks.
Overall, NT 5.0 is likely to be a win. Kerberos supports mutual
authentication and proxying of user credentials. You may be better off
stalling installation until 5.0 is out.
3. Don't have any hard evidence of this, but there's reason to suspect that
interesting RPC packets might cause Blue Screen Of Death. Opening up too
much through the firewall can potentially provide an avenue for DoS attacks.
Note that these are my opinion's not my employer's, and I might be nuts anyway.
- Ted
Microsoft's MSRPC uses TCP port 135 and requires high ports 1024-65535 to be open. An example of the conduit command statements are:
conduit permit tcp host 204.31.17.1 eq 135 any
conduit permit tcp host 204.31.17.1 range 1024 65535 any
/sbin/ipfwadm -I -a accept -c -W ppp0 -P tcp -S 0.0.0.0/0 135 -D 192.168.1.2
/sbin/ipfwadm -I -a accept -c -W ppp0 -P tcp -S 0.0.0.0/0 1024:65535 -D 192.168.1.2

1
docs/javaargs.txt Normal file
View File

@@ -0,0 +1 @@
-Xdebug -Xrunjdwp:transport=dt_socket,address=45678,server=y,suspend=n

990
docs/perm.txt Normal file
View File

@@ -0,0 +1,990 @@
Permissions in the JavaTM 2 SDK
Last Modified: 30 October, 1998
A permission represents access to a system resource. In order for a resource access to
be allowed for an applet (or an application running with a security manager),
the corresponding permission must be explicitly granted to the code attempting the access.
A permission typically has a name (often referred to as a "target name") and, in some
cases, a comma-separated list of one or more actions. For example, the following code
creates a FilePermission object representing read access to the file named abc in
the /tmp directory:
perm = new java.io.FilePermission("/tmp/abc", "read");
In this, the target name is "/tmp/abc" and the action string is "read".
Important: The above statement creates a permission object. A permission object represents,
but does not grant access to, a system resource. Permission objects are constructed and
assigned ("granted") to code based on the policy in effect. When a permission object
is assigned to some code, that code is granted the permission to access the system resource
specified in the permission object, in the specified manner. A permission object may
also be constructed by the current security manager when making access decisions.
In this case, the (target) permission object is created based on the requested access,
and checked against the permission objects granted to and held by the code making the
request.
The policy for a Java application environment is represented by a Policy object. In the
default Policy implementation, the policy can be specified within one or more policy
configuration files. The policy file(s) specify what permissions are allowed for
code from specified code sources. A sample policy file entry granting code from
the /home/sysadmin directory read access to the file /tmp/abc is
grant codeBase "file:/home/sysadmin/" {
permission java.io.FilePermission "/tmp/abc", "read";
};
For information about policy file locations and granting permissions in policy files,
see Default Policy Implementation and Policy File Syntax. For information about using
the Policy Tool to specify the permissions, see the Policy Tool documentation
(for Solaris) (for Windows). Using the Policy Tool saves typing and eliminates the
need for you to know the required syntax of policy files.
Technically, whenever a resource access is attempted, all code traversed by the execution
thread up to that point must have permission for that resource access, unless some
code on the thread has been marked as "privileged." See API for Privileged Blocks for
more information about "privileged" code.
This document contains tables that describe the built-in JDK 1.2 permission types and
discuss the risks of granting each permission. It also contains tables showing the methods
that require permissions to be in effect in order to be successful, and for each lists the
required permission.
The tables are the following:
Permission Descriptions and Risks
AllPermission
AWTPermission
FilePermission
NetPermission
PropertyPermission
ReflectPermission
RuntimePermission
SecurityPermission
SerializablePermission
SocketPermission
Methods and the Permissions They Require
java.lang.SecurityManager Method Permission Checks
For more information about permissions, including the superclasses java.security.Permission and java.security.BasicPermission, and examples of creating permission objects and granting permissions, see the Security Architecture Specification.
--------------------------------------------------------------------------------
Permission Descriptions and Risks
The following tables describe the built-in JDK 1.2 permission types and discuss the risks
of granting each permission.
AllPermission
The java.security.AllPermission is a permission that implies all other permissions.
Note: Granting AllPermission should be done with extreme care, as it implies all other
permissions. Thus, it grants code the ability to run with security disabled. Extreme
caution should be taken before granting such a permission to code. This permission should be
used only during testing, or in extremely rare cases where an application or applet is
completely trusted and adding the necessary permissions to the policy is prohibitively cumbersome.
AWTPermission
A java.awt.AWTPermission is for AWT permissions.
The following table lists all the possible AWTPermission target names, and for each
provides a description of what the permission allows and a discussion of the risks of
granting code the permission.
java.awt.AWTPermission
Target Name What the Permission Allows Risks of Allowing this Permission
accessClipboard Posting and retrieval of information to and from the AWT clipboard This
would allow malfeasant code to share potentially sensitive or confidential information.
accessEventQueue Access to the AWT event queue After retrieving the AWT event queue,
malicious code may peek at and even remove existing events from the system, as well as
post bogus events which may purposefully cause the application or applet to misbehave in
an insecure manner.
listenToAllAWTEvents Listen to all AWT events, system-wide After adding an AWT event listener, malicious code may scan all AWT events dispatched in the system, allowing it to read all user input (such as passwords). Each AWT event listener is called from within the context of that event queue's EventDispatchThread, so if the accessEventQueue permission is also enabled, malicious code could modify the contents of AWT event queues system-wide, causing the application or applet to misbehave in an insecure manner.
readDisplayPixels Readback of pixels from the display screen Interfaces such as the java.awt.Composite interface which allow arbitrary code to examine pixels on the display enable malicious code to snoop on the activities of the user.
showWindowWithoutWarningBanner Display of a window without also displaying a banner warning that the window was created by an applet Without this warning, an applet may pop up windows without the user knowing that they belong to an applet. Since users may make security-sensitive decisions based on whether or not the window belongs to an applet (entering a username and password into a dialog box, for example), disabling this warning banner may allow applets to trick the user into entering such information.
FilePermission
A java.io.FilePermission represents access to a file or directory. A FilePermission consists of a pathname and a set of actions valid for that pathname.
Pathname is the pathname of the file or directory granted the specified actions. A pathname that ends in "/*" (where "/" is the file separator character, File.separatorChar) indicates a directory and all the files contained in that directory. A pathname that ends with "/-" indicates a directory and (recursively) all files and subdirectories contained in that directory. A pathname consisting of the special token "<<ALL FILES>>" matches any file.
A pathname consisting of a single "*" indicates all the files in the current directory, while a pathname consisting of a single "-" indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory.
The actions to be granted are passed to the constructor in a string containing a list of zero or more comma-separated keywords. The possible keywords are "read", "write", "execute", and "delete". Their meaning is defined as follows:
read
Permission to read.
write
Permission to write (which includes permission to create).
execute
Permission to execute. Allows Runtime.exec to be called. Corresponds to SecurityManager.checkExec.
delete
Permission to delete. Allows File.delete to be called. Corresponds to SecurityManager.checkDelete.
The actions string is converted to lowercase before processing.
Be careful when granting FilePermissions. Think about the implications of granting read and especially write access to various files and directories. The "<<ALL FILES>>" permission with write action is especially dangerous. This grants permission to write to the entire file system. One thing this effectively allows is replacement of the system binary, including the JVM runtime environment.
Please note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.
NetPermission
A java.net.NetPermission is for various network permissions. A NetPermission contains a name but no actions list; you either have the named permission or you don't.
The following table lists all the possible NetPermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
java.net.NetPermission
Target Name What the Permission Allows Risks of Allowing this Permission
setDefaultAuthenticator The ability to set the way authentication information is retrieved when a proxy or HTTP server asks for authentication Malicious code can set an authenticator that monitors and steals user authentication input as it retrieves the input from the user.
requestPasswordAuthentication The ability to ask the authenticator registered with the system for a password Malicious code may steal this password.
specifyStreamHandler The ability to specify a stream handler when constructing a URL Malicious code may create a URL with resources that it would normally not have access to (like file:/foo/fum/), specifying a stream handler that gets the actual bytes from someplace it does have access to. Thus it might be able to trick the system into creating a ProtectionDomain/CodeSource for a class even though that class really didn't come from that location.
PropertyPermission
A java.util.PropertyPermission is for property permissions.
The name is the name of the property ("java.home", "os.name", etc). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "java.*" or "*" is valid, "*java" or "a*b" is not valid.
The actions to be granted are passed to the constructor in a string containing a list of zero or more comma-separated keywords. The possible keywords are "read" and "write". Their meaning is defined as follows:
read
Permission to read. Allows System.getProperty to be called.
write
Permission to write. Allows System.setProperty to be called.
The actions string is converted to lowercase before processing.
Care should be taken before granting code permission to access certain system properties. For example, granting permission to access the "java.home" system property gives potentially malevolent code sensitive information about the system environment (the Java installation directory). Also, granting permission to access the "user.name" and "user.home" system properties gives potentially malevolent code sensitive information about the user environment (the user's account name and home directory).
ReflectPermission
A java.lang.reflect.ReflectPermission is for reflective operations. A ReflectPermission is a named permission and has no actions. The only name currently defined is suppressAccessChecks, which allows suppressing the standard language access checks -- for public, default (package) access, protected, and private members -- performed by reflected objects at their point of use.
The following table provides a summary description of what the permission allows, and discusses the risks of granting code the permission.
java.lang.reflect.ReflectPermission
Target Name What the Permission Allows Risks of Allowing this Permission
suppressAccessChecks The ability to access fields and invoke methods in a class. Note that this includes not only public, but protected and private fields and methods as well. This is dangerous in that information (possibly confidential) and methods normally unavailable would be accessible to malicious code.
RuntimePermission
A java.lang.RuntimePermission is for runtime permissions. A RuntimePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of the runtime permission (see below). The naming convention follows the hierarchical property naming convention. Also, an asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match. For example: "loadLibrary.*" or "*" is valid, "*loadLibrary" or "a*b" is not valid.
The following table lists all the possible RuntimePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
java.lang.RuntimePermission
Target Name What the Permission Allows Risks of Allowing this Permission
createClassLoader Creation of a class loader This is an extremely dangerous permission to grant. Malicious applications that can instantiate their own class loaders could then load their own rogue classes into the system. These newly loaded classes could be placed into any protection domain by the class loader, thereby automatically granting the classes the permissions for that domain.
getClassLoader Retrieval of a class loader (e.g., the class loader for the calling class) This would grant an attacker permission to get the class loader for a particular class. This is dangerous because having access to a class's class loader allows the attacker to load other classes available to that class loader. The attacker would typically otherwise not have access to those classes.
setContextClassLoader Setting of the context class loader used by a thread The context class loader is used by system code and extensions when they need to lookup resources that might not exist in the system class loader. Granting setContextClassLoader permission would allow code to change which context class loader is used for a particular thread, including system threads.
setSecurityManager Setting of the security manager (possibly replacing an existing one) The security manager is a class that allows applications to implement a security policy. Granting the setSecurityManager permission would allow code to change which security manager is used by installing a different, possibly less restrictive security manager, thereby bypassing checks that would have been enforced by the original security manager.
createSecurityManager Creation of a new security manager This gives code access to protected, sensitive methods that may disclose information about other classes or the execution stack.
exitVM Halting of the Java Virtual Machine This allows an attacker to mount a denial-of-service attack by automatically forcing the virtual machine to halt.
setFactory Setting of the socket factory used by ServerSocket or Socket, or of the stream handler factory used by URL This allows code to set the actual implementation for the socket, server socket, stream handler, or RMI socket factory. An attacker may set a faulty implementation which mangles the data stream.
setIO Setting of System.out, System.in, and System.err This allows changing the value of the standard system streams. An attacker may change System.in to monitor and steal user input, or may set System.err to a "null" OutputSteam, which would hide any error messages sent to System.err.
modifyThread stop, suspend, resume, setPriority, and setName methods This allows an attacker to start or suspend any thread in the system.
stopThread Stopping of threads via calls to the Thread stop method This allows code to stop any thread in the system provided that it is already granted permission to access that thread. This poses as a threat, because that code may corrupt the system by killing existing threads.
modifyThreadGroup Modification of thread groups, e.g., via calls to ThreadGroup destroy, resume, setDaemon, setMaxPriority, stop, and suspend methods This allows an attacker to create thread groups and set their run priority.
getProtectionDomain Retrieval of the ProtectionDomain for a class This allows code to obtain policy information for a particular code source. While obtaining policy information does not compromise the security of the system, it does give attackers additional information, such as local file names for example, to better aim an attack.
readFileDescriptor Reading of file descriptors This would allow code to read the particular file associated with the file descriptor read. This is dangerous if the file contains confidential data.
writeFileDescriptor Writing to file descriptors This allows code to write to a particular file associated with the descriptor. This is dangerous because it may allow malicous code to plant viruses or at the very least, fill up your entire disk.
loadLibrary.{library name} Dynamic linking of the specified library It is dangerous to allow an applet permission to load native code libraries, because the Java security architecture is not designed to and does not prevent malicious behavior at the level of native code.
accessClassInPackage.{package name} Access to the specified package via a class loader's loadClass method when that class loader calls the SecurityManager checkPackageAcesss method This gives code access to classes in packages to which it normally does not have access. Malicious code may use these classes to help in its attempt to compromise security in the system.
defineClassInPackage.{package name} Definition of classes in the specified package, via a class loader's defineClass method when that class loader calls the SecurityManager checkPackageDefinition method. This grants code permission to define a class in a particular package. This is dangerous because malicious code with this permission may define rogue classes in trusted packages like java.security or java.lang, for example.
accessDeclaredMembers Access to the declared members of a class This grants code permission to query a class for its public, protected, default (package) access, and private fields and/or methods. Although the code would have access to the private and protected field and method names, it would not have access to the private/protected field data and would not be able to invoke any private methods. Nevertheless, malicious code may use this information to better aim an attack. Additionally, it may invoke any public methods and/or access public fields in the class. This could be dangerous if the code would normally not be able to invoke those methods and/or access the fields because it can't cast the object to the class/interface with those methods and fields.
queuePrintJob Initiation of a print job request This could print sensitive information to a printer, or simply waste paper.
SecurityPermission
A java.security.SecurityPermission is for security permissions. A SecurityPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of a security configuration parameter (see below). Currently the SecurityPermission object is used to guard access to the Policy, Security, Provider, Signer, and Identity objects.
The following table lists all the possible SecurityPermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
java.security.SecurityPermission
Target Name What the Permission Allows Risks of Allowing this Permission
getPolicy Retrieval of the system-wide security policy (specifically, of the currently-installed Policy object) This allows someone to query the policy via the getPermissions call, which discloses which permissions would be granted to a given CodeSource. While revealing the policy does not compromise the security of the system, it does provide malicious code with additional information which it may use to better aim an attack. It is wise not to divulge more information than necessary.
setPolicy Setting of the system-wide security policy (specifically, the Policy object) Granting this permission is extremely dangerous, as malicious code may grant itself all the necessary permissions it needs to successfully mount an attack on the system.
getProperty.{key} Retrieval of the security property with the specified key Depending on the particular key for which access has been granted, the code may have access to the list of security providers, as well as the location of the system-wide and user security policies. while revealing this information does not compromise the security of the system, it does provide malicious code with additional information which it may use to better aim an attack.
setProperty.{key} Setting of the security property with the specified key This could include setting a security provider or defining the location of the the system-wide security policy. Malicious code that has permission to set a new security provider may set a rogue provider that steals confidential information such as cryptographic private keys. In addition, malicious code with permission to set the location of the system-wide security policy may point it to a security policy that grants the attacker all the necessary permissions it requires to successfully mount an attack on the system.
insertProvider.{provider name} Addition of a new provider, with the specified name This would allow somebody to introduce a possibly malicious provider (e.g., one that discloses the private keys passed to it) as the highest-priority provider. This would be possible because the Security object (which manages the installed providers) currently does not check the integrity or authenticity of a provider before attaching it.
removeProvider.{provider name} Removal of the specified provider This may change the behavior or disable execution of other parts of the program. If a provider subsequently requested by the program has been removed, execution may fail. Also, if the removed provider is not explicitly requested by the rest of the program, but it would normally be the provider chosen when a cryptography service is requested (due to its previous order in the list of providers), a different provider will be chosen instead, or no suitable provider will be found, thereby resulting in program failure.
setSystemScope Setting of the system identity scope This would allow an attacker to configure the system identity scope with certificates that should not be trusted, thereby granting applet or application code signed with those certificates privileges that would have been denied by the system's original identity scope
setIdentityPublicKey Setting of the public key for an Identity If the identity is marked as "trusted", this allows an attacker to introduce a different public key (e.g., its own) that is not trusted by the system's identity scope, thereby granting applet or application code signed with that public key privileges that would have been denied otherwise.
SetIdentityInfo Setting of a general information string for an Identity This allows attackers to set the general description for an identity. This may trick applications into using a different identity than intended or may prevent applications from finding a particular identity.
addIdentityCertificate Addition of a certificate for an Identity This allows attackers to set a certificate for an identity's public key. This is dangerous because it affects the trust relationship across the system. This public key suddenly becomes trusted to a wider audience than it otherwise would be.
removeIdentityCertificate Removal of a certificate for an Identity This allows attackers to remove a certificate for an identity's public key. This is dangerous because it affects the trust relationship across the system. This public key suddenly becomes considered less trustworthy than it otherwise would be.
printIdentity Viewing the name of a principal and optionally the scope in which it is used, and whether or not it is considered "trusted" in that scope. The scope that is printed out may be a filename, in which case it may convey local system information. For example, here's a sample printout of an identity named "carol", who is marked not trusted in the user's identity database:
carol[/home/luehe/identitydb.obj][not trusted]
clearProviderProperties.{provider name} "Clearing" of a Provider so that it no longer contains the properties used to look up services implemented by the provider This disables the lookup of services implemented by the provider. This may thus change the behavior or disable execution of other parts of the program that would normally utilize the Provider, as described under the "removeProvider.{provider name}" permission.
putProviderProperty.{provider name} Setting of properties for the specified Provider The provider properties each specify the name and location of a particular service implemented by the provider. By granting this permission, you let code replace the service specification with another one, thereby specifying a different implementation.
removeProviderProperty.{provider name} Removal of properties from the specified Provider This disables the lookup of services implemented by the provider. They are no longer accessible due to removal of the properties specifying their names and locations. This may change the behavior or disable execution of other parts of the program that would normally utilize the Provider, as described under the "removeProvider.{provider name}" permission.
getSignerPrivateKey Retrieval of a Signer's private key It is very dangerous to allow access to a private key; private keys are supposed to be kept secret. Otherwise, code can use the private key to sign various files and claim the signature came from the Signer.
setSignerKeyPair Setting of the key pair (public key and private key) for a Signer This would allow an attacker to replace somebody else's (the "target's") keypair with a possibly weaker keypair (e.g., a keypair of a smaller keysize). This also would allow the attacker to listen in on encrypted communication between the target and its peers. The target's peers might wrap an encryption session key under the target's "new" public key, which would allow the attacker (who possesses the corresponding private key) to unwrap the session key and decipher the communication data encrypted under that session key.
SerializablePermission
A java.io.SerializablePermission is for serializable permissions. A SerializablePermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of the Serializable permission (see below).
The following table lists all the possible SerializablePermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.
java.io.SerializablePermission
Target Name What the Permission Allows Risks of Allowing this Permission
enableSubclassImplementation Implementing a subclass of ObjectOutputStream or ObjectInputStream to override the default serialization or deserialization, respectively, of objects Code can use this to serialize or deserialize classes in a purposefully malfeasant manner. For example, during serialization, malicious code can use this to purposefully store confidential private field data in a way easily accessible to attackers. Or, during deserializaiton it could, for example, deserialize a class with all its private fields zeroed out.
enableSubstitution Substitution of one object for another during serialization or deserialization This is dangerous because malicious code can replace the actual object with one which has incorrect or malignant data.
SocketPermission
A java.net.SocketPermission represents access to a network via sockets. A SocketPermission consists of a host specification and a set of "actions" specifying ways to connect to that host. The host is specified as
host = (hostname | IPaddress)[:portrange]
portrange = portnumber | -portnumber | portnumber-[portnumber]
The host is expressed as a DNS name, as a numerical IP address, or as "localhost" (for the local machine). The wildcard "*" may be included once in a DNS name host specification. If it is included, it must be in the leftmost position, as in "*.sun.com".
The port or portrange is optional. A port specification of the form "N-", where N is a port number, signifies all ports numbered N and above, while a specification of the form "-N" indicates all ports numbered N and below.
The possible ways to connect to the host are
accept
connect
listen
resolve
The "listen" action is only meaningful when used with "localhost". The "resolve" (resolve host/ip name service lookups) action is implied when any of the other actions are present.
As an example of the creation and meaning of SocketPermissions, note that if you have the following entry in your policy file:
grant signedBy "mrm" {
permission java.net.SocketPermission "puffin.eng.sun.com:7777", "connect,
accept";
};
this causes the following permission object to be generated and granted to code signed by "mrm."
p1 = new SocketPermission("puffin.eng.sun.com:7777", "connect,accept");
p1 represents a permission allowing connections to port 7777 on puffin.eng.sun.com, and also accepting connections on that port.
Similarly, if you have the following entry in your policy:
grant signedBy "paul" {
permission java.net.SocketPermission "localhost:1024-", "accept, connect,
listen";
};
this causes the following permission object to be generated and granted to code signed by "paul."
p2 = new SocketPermission("localhost:1024-", "accept,connect,listen");
p2 represents a permission allowing accepting connections on, connecting to, or listening on any port between 1024 and 65535 on the local host.
Note: Granting code permission to accept or make connections to remote hosts may be dangerous because malevolent code can then more easily transfer and share confidential data among parties who may not otherwise have access to the data.
--------------------------------------------------------------------------------
Methods and the Permissions They Require
The following table contains a list of all the JDK 1.2 methods that require permissions, and for each tells which SecurityManager method it calls and which permission is checked for by the default implementation of that SecurityManager method.
Thus, with the default SecurityManager method implementations, a call to a method in the left-hand column can only be successful if the permission specified in the corresponding entry in the right-hand column is allowed by the policy currently in effect. For example, the following row:
Method SecurityManager Method Called Permission
java.awt.Toolkit
getSystemEventQueue();
checkAwtEventQueueAccess java.awt.AWTPermission "accessEventQueue";
specifies that a call to the getSystemEventQueue method in the java.awt.Toolkit class results in a call to the checkAwtEventQueueAccess SecurityManager method, which can only be successful if the following permission is granted to code on the call stack:
java.awt.AWTPermission "accessEventQueue";
The convention of:
Method SecurityManager Method Called Permission
some.package.class
public static void someMethod(String foo);
checkXXX SomePermission "{foo}";
means the runtime value of foo replaces the string {foo} in the permission name.
As an example, here is one table entry:
Method SecurityManager Method Called Permission
java.io.FileInputStream
FileInputStream(String name)
checkRead(String) java.io.FilePermission "{name}", "read";
If the FileInputStream method (in this case, a constructor) is called with "/test/MyTestFile" as the name argument, as in
FileInputStream("/test/MyTestFile");
then in order for the call to succeed, the following permission must be set in the current policy, allowing read access to the file "/test/MyTestFile":
java.io.FilePermission "/test/MyTestFile", "read";
More specifically, the permission must either be explicitly set, as above, or implied by another permission, such as the following:
java.io.FilePermission "/test/*", "read";
which allows read access to any files in the "/test" directory.
In some cases, a term in braces is not exactly the same as the name of a specific method argument but is meant to represent the relevant value. Here is an example:
Method SecurityManager Method Called Permission
java.net.DatagramSocket
public synchronized void
receive(DatagramPacket p);
checkAccept({host}, {port}) java.net.SocketPermission "{host}:{port}", "accept";
Here, the appropriate host and port values are calculated by the receive method and passed to checkAccept.
In most cases, just the name of the SecurityManager method called is listed. Where the method is one of multiple methods of the same name, the argument types are also listed, for example for checkRead(String) and checkRead(FileDescriptor). In other cases where arguments may be relevant, they are also listed.
The following table is ordered by package name. That is, the methods in classes in the java.awt package are listed first, followed by methods in classes in the java.io package, and so on.
Methods and the Permissions They Require
Method SecurityManager Method Called Permission
java.awt.Graphics2d
public abstract void
setComposite(Composite comp)
checkPermission java.awt.AWTPermission "readDisplayPixels" if this Graphics2D context is drawing to a Component on the display screen and the Composite is a custom object rather than an instance of the AlphaComposite class. Note: The setComposite method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkPermission method with a java.awt.AWTPermission("readDisplayPixels") permission under the conditions noted.
java.awt.Toolkit
public void addAWTEventListener(
AWTEventListener listener,
long eventMask)
public void removeAWTEventListener(
AWTEventListener listener)
checkPermission java.awt.AWTPermission "listenToAllAWTEvents"
java.awt.Toolkit
public abstract PrintJob getPrintJob(
Frame frame, String jobtitle,
Properties props)
checkPrintJobAccess java.lang.RuntimePermission "queuePrintJob"
Note: The getPrintJob method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkPrintJobAccess method, which is successful only if the java.lang.RuntimePermission "queuePrintJob" permission is currently allowed.
java.awt.Toolkit
public abstract Clipboard
getSystemClipboard()
checkSystemClipboardAccess java.awt.AWTPermission "accessClipboard"
Note: The getSystemClipboard method is actually abstract and thus can't invoke security checks. Each actual implementation of the method should call the java.lang.SecurityManager checkSystemClipboardAccess method, which is successful only if the java.awt.AWTPermission "accessClipboard" permission is currently allowed.
java.awt.Toolkit
public final EventQueue
getSystemEventQueue()
checkAwtEventQueueAccess java.awt.AWTPermission "accessEventQueue"
java.awt.Window
Window()
checkTopLevelWindow If java.awt.AWTPermission "showWindowWithoutWarningBanner" is set, the window will be displayed without a banner warning that the window was created by an applet. It it's not set, such a banner will be displayed.
java.beans.Beans
public static void setDesignTime(
boolean isDesignTime)
public static void setGuiAvailable(
boolean isGuiAvailable)
java.beans.Introspector
public static synchronized void
setBeanInfoSearchPath(String path[])
java.beans.PropertyEditorManager
public static void registerEditor(
Class targetType,
Class editorClass)
public static synchronized void
setEditorSearchPath(String path[])
checkPropertiesAccess java.util.PropertyPermission "*", "read,write"
java.io.File
public boolean delete()
public void deleteOnExit()
checkDelete(String) java.io.FilePermission "{name}", "delete"
java.io.FileInputStream
FileInputStream(FileDescriptor fdObj)
checkRead(FileDescriptor) java.lang.RuntimePermission "readFileDescriptor"
java.io.FileInputStream
FileInputStream(String name)
FileInputStream(File file)
java.io.File
public boolean exists()
public boolean canRead()
public boolean isFile()
public boolean isDirectory()
public boolean isHidden()
public long lastModified()
public long length()
public String[] list()
public String[] list(
FilenameFilter filter)
public File[] listFiles()
public File[] listFiles(
FilenameFilter filter)
public File[] listFiles(
FileFilter filter)
java.io.RandomAccessFile
RandomAccessFile(String name, String mode)
RandomAccessFile(File file, String mode)
(where mode is "r" in both of these)
checkRead(String) java.io.FilePermission "{name}", "read"
java.io.FileOutputStream
FileOutputStream(FileDescriptor fdObj)
checkWrite(FileDescriptor) java.lang.RuntimePermission "writeFileDescriptor"
java.io.FileOutputStream
FileOutputStream(File file)
FileOutputStream(String name)
FileOutputStream(String name,
boolean append)
java.io.File
public boolean canWrite()
public boolean createNewFile()
public static File createTempFile(
String prefix, String suffix)
public static File createTempFile(
String prefix, String suffix,
File directory)
public boolean mkdir()
public boolean mkdirs()
public boolean renameTo(File dest)
public boolean setLastModified(long time)
public boolean setReadOnly()
checkWrite(String) java.io.FilePermission "{name}", "write"
java.io.ObjectInputStream
protected final boolean
enableResolveObject(boolean enable);
java.io.ObjectOutputStream
protected final boolean
enableReplaceObject(boolean enable)
checkPermission java.io.SerializablePermission "enableSubstitution"
java.io.ObjectInputStream
protected ObjectInputStream()
java.io.ObjectOutputStream
protected ObjectOutputStream()
checkPermission java.io.SerializablePermission "enableSubclassImplementation"
java.io.RandomAccessFile
RandomAccessFile(String name, String mode)
(where mode is "rw")
checkRead(String) and checkWrite(String) java.io.FilePermission "{name}", "read,write"
java.lang.Class
public static Class forName(
String name, boolean initialize,
ClassLoader loader)
checkPermission If loader is null, and the caller's class loader is not null, then java.lang.RuntimePermission("getClassLoader")
java.lang.Class
public Class[] getClasses()
For this class and each of its superclasses, checkMemberAccess(this, Member.DECLARED) is called and, if the class is in a package, checkPackageAccess({pkgName}) is called. Default checkMemberAccess does not require any permissions if "this" class's classloader is the same as that of the caller. Otherwise, it requires java.lang.RuntimePermission "accessDeclaredMembers". If the class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is also required.
java.lang.Class
public ClassLoader getClassLoader()
checkPermission If the caller's class loader is null, or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.
java.lang.Class
public Class[] getDeclaredClasses()
public Field[] getDeclaredFields()
public Method[] getDeclaredMethods()
public Constructor[]
getDeclaredConstructors()
public Field getDeclaredField(
String name)
public Method getDeclaredMethod(...)
public Constructor
getDeclaredConstructor(...)
checkMemberAccess(this, Member.DECLARED) and, if this class is in a package, checkPackageAccess({pkgName}) Default checkMemberAccess does not require any permissions if "this" class's classloader is the same as that of the caller. Otherwise, it requires java.lang.RuntimePermission "accessDeclaredMembers". If this class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is also required.
java.lang.Class
public Field[] getFields()
public Method[] getMethods()
public Constructor[] getConstructors()
public Field getField(String name)
public Method getMethod(...)
public Constructor getConstructor(...)
checkMemberAccess(this, Member.PUBLIC) and, if class is in a package, checkPackageAccess({pkgName}) Default checkMemberAccess does not require any permissions when the access type is Member.PUBLIC. If this class is in a package, java.lang.RuntimePermission "accessClassInPackage.{pkgName}" is required.
java.lang.Class
public ProtectionDomain
getProtectionDomain()
checkPermission java.lang.RuntimePermission "getProtectionDomain"
java.lang.ClassLoader
ClassLoader()
ClassLoader(ClassLoader parent)
checkCreateClassLoader java.lang.RuntimePermission "createClassLoader"
java.lang.ClassLoader
public static ClassLoader
getSystemClassLoader()
public ClassLoader getParent()
checkPermission If the caller's class loader is null, or is the same as or an ancestor of the class loader for the class whose class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.
java.lang.Runtime
public Process exec(String command)
public Process exec(String command,
String envp[])
public Process exec(String cmdarray[])
public Process exec(String cmdarray[],
String envp[])
checkExec java.io.FilePermission "{command}", "execute"
java.lang.Runtime
public void exit(int status)
public static void
runFinalizersOnExit(boolean value)
java.lang.System
public static void exit(int status)
public static void
runFinalizersOnExit(boolean value)
checkExit(status) where status is 0 for runFinalizersOnExit java.lang.RuntimePermission "exitVM"
java.lang.Runtime
public void load(String lib)
public void loadLibrary(String lib)
java.lang.System
public static void load(String filename)
public static void loadLibrary(
String libname)
checkLink({libName}) where {libName} is the lib, filename or libname argument java.lang.RuntimePermission "loadLibrary.{libName}"
java.lang.SecurityManager methods
checkPermission See the next table.
java.lang.System
public static Properties
getProperties()
public static void
setProperties(Properties props)
checkPropertiesAccess java.util.PropertyPermission "*", "read,write"
java.lang.System
public static String
getProperty(String key)
public static String
getProperty(String key, String def)
checkPropertyAccess java.util.PropertyPermission "{key}", "read"
java.lang.System
public static void setIn(InputStream in)
public static void setOut(PrintStream out)
public static void setErr(PrintStream err)
checkPermission java.lang.RuntimePermission "setIO"
java.lang.System
public static String
setProperty(String key, String value)
checkPermission java.util.PropertyPermission "{key}", "write"
java.lang.System
public static synchronized void
setSecurityManager(SecurityManager s)
checkPermission java.lang.RuntimePermission "setSecurityManager"
java.lang.Thread
public ClassLoader getContextClassLoader()
checkPermission If the caller's class loader is null, or is the same as or an ancestor of the context class loader for the thread whose context class loader is being requested, no permission is needed. Otherwise,
java.lang.RuntimePermission "getClassLoader"
is required.
java.lang.Thread
public void setContextClassLoader
(ClassLoader cl)
checkPermission java.lang.RuntimePermission "setContextClassLoader"
java.lang.Thread
public final void checkAccess()
public void interrupt()
public final void suspend()
public final void resume()
public final void setPriority
(int newPriority)
public final void setName(String name)
public final void setDaemon(boolean on)
checkAccess(this) java.lang.RuntimePermission "modifyThread"
java.lang.Thread
public static int
enumerate(Thread tarray[])
checkAccess({threadGroup}) java.lang.RuntimePermission "modifyThreadGroup"
java.lang.Thread
public final void stop()
checkAccess(this). Also checkPermission if the current thread is trying to stop a thread other than itself. java.lang.RuntimePermission "modifyThread".
Also java.lang.RuntimePermission "stopThread" if the current thread is trying to stop a thread other than itself.
java.lang.Thread
public final synchronized void
stop(Throwable obj)
checkAccess(this). Also checkPermission if the current thread is trying to stop a thread other than itself or obj is not an instance of ThreadDeath. java.lang.RuntimePermission "modifyThread".
Also java.lang.RuntimePermission "stopThread" if the current thread is trying to stop a thread other than itself or obj is not an instance of ThreadDeath.
java.lang.Thread
Thread()
Thread(Runnable target)
Thread(String name)
Thread(Runnable target, String name)
java.lang.ThreadGroup
ThreadGroup(String name)
ThreadGroup(ThreadGroup parent,
String name)
checkAccess({parentThreadGroup}) java.lang.RuntimePermission "modifyThreadGroup"
java.lang.Thread
Thread(ThreadGroup group, ...)
java.lang.ThreadGroup
public final void checkAccess()
public int enumerate(Thread list[])
public int enumerate(Thread list[],
boolean recurse)
public int enumerate(ThreadGroup list[])
public int enumerate(ThreadGroup list[],
boolean recurse)
public final ThreadGroup getParent()
public final void
setDaemon(boolean daemon)
public final void setMaxPriority(int pri)
public final void suspend()
public final void resume()
public final void destroy()
checkAccess(this) for ThreadGroup methods, or checkAccess(group) for Thread methods java.lang.RuntimePermission "modifyThreadGroup"
java.lang.ThreadGroup
public final void interrupt()
checkAccess(this) Requires java.lang.RuntimePermission "modifyThreadGroup".
Also requires java.lang.RuntimePermission "modifyThread", since the java.lang.Thread interrupt() method is called for each thread in the thread group and in all of its subgroups. See the Thread interrupt() method.
java.lang.ThreadGroup
public final void stop()
checkAccess(this) Requires java.lang.RuntimePermission "modifyThreadGroup".
Also requires java.lang.RuntimePermission "modifyThread" and possibly java.lang.RuntimePermission "stopThread", since the java.lang.Thread stop() method is called for each thread in the thread group and in all of its subgroups. See the Thread stop() method.
java.lang.reflect.AccessibleObject
public static void setAccessible(...)
public void setAccessible(...)
checkPermission java.lang.reflect.ReflectPermission "suppressAccessChecks"
java.net.Authenticator
public static PasswordAuthentication
requestPasswordAuthentication(
InetAddress addr,
int port,
String protocol,
String prompt,
String scheme)
checkPermission java.net.NetPermission "requestPasswordAuthentication"
java.net.Authenticator
public static void
setDefault(Authenticator a)
checkPermission java.net.NetPermission "setDefaultAuthenticator"
java.net.MulticastSocket
public void
joinGroup(InetAddress mcastaddr)
public void
leaveGroup(InetAddress mcastaddr)
checkMulticast(InetAddress) java.net.SocketPermission( mcastaddr.getHostAddress(), "accept,connect")
java.net.DatagramSocket
public void send(DatagramPacket p)
checkMulticast(p.getAddress()) or checkConnect(
p.getAddress().getHostAddress(), p.getPort()) if (p.getAddress().isMulticastAddress()) {
java.net.SocketPermission(
(p.getAddress()).getHostAddress(), "accept,connect")
}
else {
port = p.getPort();
host = p.getAddress().getHostAddress();
if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect"
}
java.net.MulticastSocket
public synchronized void
send(DatagramPacket p, byte ttl)
checkMulticast(p.getAddress(), ttl) or checkConnect(
p.getAddress().getHostAddress(), p.getPort()) if (p.getAddress().isMulticastAddress()) {
java.net.SocketPermission(
(p.getAddress()).getHostAddress(), "accept,connect")
}
else {
port = p.getPort();
host = p.getAddress().getHostAddress();
if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect"
}
java.net.InetAddress
public String getHostName()
public static InetAddress[]
getAllByName(String host)
public static InetAddress getLocalHost()
java.net.DatagramSocket
public InetAddress getLocalAddress()
checkConnect({host}, -1) java.net.SocketPermission "{host}", "resolve"
java.net.ServerSocket
ServerSocket(...)
java.net.DatagramSocket
DatagramSocket(...)
java.net.MulticastSocket
MulticastSocket(...)
checkListen({port}) if (port == 0) java.net.SocketPermission "localhost:1024-","listen";
else java.net.SocketPermission "localhost:{port}","listen"
java.net.ServerSocket
public Socket accept()
protected final void implAccept(Socket s)
checkAccept({host}, {port}) java.net.SocketPermission "{host}:{port}", "accept"
java.net.ServerSocket
public static synchronized void
setSocketFactory(...)
java.net.Socket
public static synchronized void
setSocketImplFactory(...)
java.net.URL
public static synchronized void
setURLStreamHandlerFactory(...)
java.net.URLConnection
public static synchronized void
setContentHandlerFactory(...)
public static void
setFileNameMap(FileNameMap map)
java.net.HttpURLConnection
public static void
setFollowRedirects(boolean set)
java.rmi.activation.ActivationGroup
public static synchronized
ActivationGroup createGroup(...)
public static synchronized void
setSystem(ActivationSystem system)
java.rmi.server.RMISocketFactory
public synchronized static void
setSocketFactory(...)
checkSetFactory java.lang.RuntimePermission "setFactory"
java.net.Socket
Socket(...)
checkConnect({host}, {port}) java.net.SocketPermission "{host}:{port}", "connect"
java.net.DatagramSocket
public synchronized void
receive(DatagramPacket p)
checkAccept({host}, {port}) java.net.SocketPermission "{host}:{port}", "accept"
java.net.URL
URL(...)
checkPermission java.net.NetPermission "specifyStreamHandler"
java.net.URLClassLoader
URLClassLoader(...)
checkCreateClassLoader java.lang.RuntimePermission "createClassLoader"
java.security.Identity
public void addCertificate(...)
checkSecurityAccess(
"addIdentityCertificate") java.security.SecurityPermission "addIdentityCertificate"
java.security.Identity
public void removeCertificate(...)
checkSecurityAccess(
"removeIdentityCertificate") java.security.SecurityPermission "removeIdentityCertificate"
java.security.Identity
public void setInfo(String info)
checkSecurityAccess(
"setIdentityInfo") java.security.SecurityPermission "setIdentityInfo"
java.security.Identity
public void setPublicKey(PublicKey key)
checkSecurityAccess(
"setIdentityPublicKey") java.security.SecurityPermission "setIdentityPublicKey"
java.security.Identity
public String toString(...)
checkSecurityAccess(
"printIdentity") java.security.SecurityPermission "printIdentity"
java.security.IdentityScope
protected static void setSystemScope()
checkSecurityAccess(
"setSystemScope") java.security.SecurityPermission "setSystemScope"
java.security.Permission
public void checkGuard(Object object)
checkPermission(this) this Permission object is the permission checked
java.security.Policy
public static Policy getPolicy()
checkPermission java.security.SecurityPermission "getPolicy"
java.security.Policy
public static void
setPolicy(Policy policy);
checkPermission java.security.SecurityPermission "setPolicy"
java.security.Provider
public synchronized void clear()
checkSecurityAccess(
"clearProviderProperties."+{name}) java.security.SecurityPermission "clearProviderProperties.{name}" where name is the provider name.
java.security.Provider
public synchronized Object
put(Object key, Object value)
checkSecurityAccess(
"putProviderProperty."+{name}) java.security.SecurityPermission "putProviderProperty.{name}" where name is the provider name.
java.security.Provider
public synchronized Object
remove(Object key)
checkSecurityAccess(
"removeProviderProperty."+{name}) java.security.SecurityPermission "removeProviderProperty.{name}" where name is the provider name.
java.security.SecureClassLoader
SecureClassLoader(...)
checkCreateClassLoader java.lang.RuntimePermission "createClassLoader"
java.security.Security
public static void getProperty(String key)
checkPermission java.security.SecurityPermission "getProperty.{key}"
java.security.Security
public static int
addProvider(Provider provider)
public static int
insertProviderAt(Provider provider,
int position);
checkSecurityAccess(
"insertProvider."+provider.getName()) java.security.SecurityPermission "insertProvider.{name}"
java.security.Security
public static void
removeProvider(String name)
checkSecurityAccess(
"removeProvider."+name) java.security.SecurityPermission "removeProvider.{name}"
java.security.Security
public static void
setProperty(String key, String datum)
checkSecurityAccess(
"setProperty."+key) java.security.SecurityPermission "setProperty.{key}"
java.security.Signer
public PrivateKey getPrivateKey()
checkSecurityAccess(
"getSignerPrivateKey") java.security.SecurityPermission "getSignerPrivateKey"
java.security.Signer
public final void
setKeyPair(KeyPair pair)
checkSecurityAccess(
"setSignerKeypair") java.security.SecurityPermission "setSignerKeypair"
java.util.Locale
public static synchronized void
setDefault(Locale newLocale)
checkPermission java.util.PropertyPermission "user.language","write"
java.util.zip.ZipFile
ZipFile(String name)
checkRead java.io.FilePermission "{name}","read"
--------------------------------------------------------------------------------
java.lang.SecurityManager Method Permission Checks
This table shows which permissions are checked for by the default implementations of the java.lang.SecurityManager methods.
Each of the specified check methods calls the SecurityManager checkPermission method with the specified permission, except for the checkConnect and checkRead methods that take a context argument. Those methods expect the context to be an AccessControlContext and they call the context's checkPermission method with the specified permission.
Method Permission
public void checkAccept(String host, int port); java.net.SocketPermission "{host}:{port}", "accept";
public void checkAccess(Thread g); java.lang.RuntimePermission "modifyThread");
public void checkAccess(ThreadGroup g); java.lang.RuntimePermission "modifyThreadGroup");
public void checkAwtEventQueueAccess(); java.awt.AWTPermission "accessEventQueue";
public void checkConnect(String host, int port); if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect";
public void checkConnect(String host, int port, Object context); if (port == -1) java.net.SocketPermission "{host}","resolve";
else java.net.SocketPermission "{host}:{port}","connect";
public void checkCreateClassLoader(); java.lang.RuntimePermission "createClassLoader";
public void checkDelete(String file); java.io.FilePermission "{file}", "delete";
public void checkExec(String cmd); if cmd is an absolute path: java.io.FilePermission "{cmd}", "execute";
else java.io.FilePermission "-", "execute";
public void checkExit(int status); java.lang.RuntimePermission "exitVM");
public void checkLink(String lib); java.lang.RuntimePermission "loadLibrary.{lib}";
public void checkListen(int port); if (port == 0) java.net.SocketPermission "localhost:1024-","listen";
else java.net.SocketPermission "localhost:{port}","listen";
public void checkMemberAccess(Class clazz, int which); if (which != Member.PUBLIC) {
if (currentClassLoader() != clazz.getClassLoader()) {
checkPermission(
new java.lang.RuntimePermission("accessDeclaredMembers"));
}
}
public void checkMulticast(InetAddress maddr); java.net.SocketPermission(maddr.getHostAddress(),"accept,connect");
public void checkMulticast(InetAddress maddr, byte ttl); java.net.SocketPermission(maddr.getHostAddress(),"accept,connect");
public void checkPackageAccess(String pkg); java.lang.RuntimePermission "accessClassInPackage.{pkg}";
public void checkPackageDefinition(String pkg); java.lang.RuntimePermission "defineClassInPackage.{pkg}";
public void checkPrintJobAccess(); java.lang.RuntimePermission "queuePrintJob";
public void checkPropertiesAccess(); java.util.PropertyPermission "*", "read,write";
public void checkPropertyAccess(String key); java.util.PropertyPermission "{key}", "read,write";
public void checkRead(FileDescriptor fd); java.lang.RuntimePermission "readFileDescriptor";
public void checkRead(String file); java.io.FilePermission "{file}", "read";
public void checkRead(String file, Object context); java.io.FilePermission "{file}", "read";
public void checkSecurityAccess(String action); java.security.SecurityPermission "{action}";
public void checkSetFactory(); java.lang.RuntimePermission "setFactory";
public void checkSystemClipboardAccess(); java.awt.AWTPermission "accessClipboard";
public boolean checkTopLevelWindow(Object window); java.awt.AWTPermission "showWindowWithoutWarningBanner";
public void checkWrite(FileDescriptor fd); java.lang.RuntimePermission "writeFileDescriptor";
public void checkWrite(String file); java.io.FilePermission "{file}", "write";
public SecurityManager(); java.lang.RuntimePermission "createSecurityManager";
--------------------------------------------------------------------------------
Copyright <20> 1997-98 Sun Microsystems, Inc. All Rights Reserved.
Please send comments to: java-security@java.sun.com
Java Software

BIN
docs/resign.doc Normal file
View File

Binary file not shown.

BIN
docs/resign_barra.doc Normal file
View File

Binary file not shown.

BIN
docs/resign_ziff.doc Normal file
View File

Binary file not shown.

4051
docs/rfc0821.txt Normal file
View File

File diff suppressed because it is too large Load Diff

3504
docs/rfc1945.htm Normal file
View File

File diff suppressed because it is too large Load Diff

874
docs/rfc790.txt Normal file
View File

@@ -0,0 +1,874 @@
rfc790
Press here to go to the top of the rfc 'tree'.
Network Working Group J. Postel
Request for Comments: 790 ISI
September 1981
Obsoletes RFCs: 776, 770, 762, 758,
755, 750, 739, 604, 503, 433, 349
Obsoletes IENs: 127, 117, 93
ASSIGNED NUMBERS
This Network Working Group Request for Comments documents the currently
assigned values from several series of numbers used in network protocol
implementations. This RFC will be updated periodically, and in any case
current information can be obtained from Jon Postel. The assignment of
numbers is also handled by Jon. If you are developing a protocol or
application that will require the use of a link, socket, port, protocol,
or network number please contact Jon to receive a number assignment.
Jon Postel
USC - Information Sciences Institute
4676 Admiralty Way
Marina del Rey, California 90291
phone: (213) 822-1511
ARPANET mail: POSTEL@ISIF
Most of the protocols mentioned here are documented in the RFC series of
notes. The more prominent and more generally used are documented in the
Protocol Handbook [17] prepared by the Network Information Center (NIC).
Some of the items listed are undocumented. In all cases the name and
mailbox of the responsible individual is indicated. In the lists that
follow, a bracketed entry, e.g., [17,iii], at the right hand margin of
the page indicates a reference for the listed protocol, where the number
cites the document and the "iii" cites the person.
Postel [Page 1]
RFC 790 September 1981
Assigned Numbers
Network Numbers
ASSIGNED NETWORK NUMBERS
This list of network numbers is used in the internet address [33].
The Internet Protocol (IP) uses a 32 bit address and divides that
address into a network part and a "rest" or local address part. The
division takes 3 forms or classes.
The first type, or class a, of address has a 7-bit network number
and a 24-bit local address. This allows 128 class a networks.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0| NETWORK | Local Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Class A Address
The second type, or class b, of address has a 14-bit network
number and a 16-bit local address. This allows 16,384 class b
networks.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 0| NETWORK | Local Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Class B Address
The third type, or class c, of address has a 21-bit network number
and a 8-bit local address. This allows 2,097,152 class c
networks.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 1 0| NETWORK | Local Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Class C Address
One notation for internet host addresses commonly used divides the
32-bit address into four 8-bit fields and specifies the value of each
field as a decimal number with the fields separated by periods. For
example, the internet address of ISIF is 010.020.000.052.
This notation will be used in the listing of assigned network
Postel [Page 2]
RFC 790 September 1981
Assigned Numbers
Network Numbers
numbers. The class a networks will have nnn.rrr.rrr.rrr, the class b
networks will have nnn.nnn.rrr.rrr, and the class c networks will
have nnn.nnn.nnn.rrr, where nnn represents part or all of a network
number and rrr represents part or all of a local address or rest
field.
Assigned Network Numbers
Class A Networks
Internet Address Name Network References
---------------- ---- ------- ----------
000.rrr.rrr.rrr Reserved [JBP]
001.rrr.rrr.rrr BBN-PR BBN Packet Radio Network [DCA2]
002.rrr.rrr.rrr SF-PR-1 SF Packet Radio Network (1) [JEM]
003.rrr.rrr.rrr BBN-RCC BBN RCC Network [SGC]
004.rrr.rrr.rrr SATNET Atlantic Satellite Network [DM11]
005.rrr.rrr.rrr SILL-PR Ft. Sill Packet Radio Network[JEM]
006.rrr.rrr.rrr SF-PR-2 SF Packet Radio Network (2) [JEM]
007.rrr.rrr.rrr CHAOS MIT CHAOS Network [MOON]
008.rrr.rrr.rrr CLARKNET SATNET subnet for Clarksburg[DM11]
009.rrr.rrr.rrr BRAGG-PR Ft. Bragg Packet Radio Net [JEM]
010.rrr.rrr.rrr ARPANET ARPANET [17,1,VGC]
011.rrr.rrr.rrr UCLNET University College London [PK]
012.rrr.rrr.rrr CYCLADES CYCLADES [VGC]
013.rrr.rrr.rrr Unassigned [JBP]
014.rrr.rrr.rrr TELENET TELENET [VGC]
015.rrr.rrr.rrr EPSS British Post Office EPSS [PK]
016.rrr.rrr.rrr DATAPAC DATAPAC [VGC]
017.rrr.rrr.rrr TRANSPAC TRANSPAC [VGC]
018.rrr.rrr.rrr LCSNET MIT LCS Network [43,10,DDC2]
019.rrr.rrr.rrr TYMNET TYMNET [VGC]
020.rrr.rrr.rrr DC-PR D.C. Packet Radio Network [VGC]
021.rrr.rrr.rrr EDN DCEC EDN [EC5]
022.rrr.rrr.rrr DIALNET DIALNET [26,16,MRC]
023.rrr.rrr.rrr MITRE MITRE Cablenet [44,APS]
024.rrr.rrr.rrr BBN-LOCAL BBN Local Network [SGC]
025.rrr.rrr.rrr RSRE-PPSN RSRE / PPSN [BD2]
026.rrr.rrr.rrr AUTODIN-II AUTODIN II [EC5]
027.rrr.rrr.rrr NOSC-LCCN NOSC / LCCN [KTP]
028.rrr.rrr.rrr WIDEBAND Wide Band Satellite Network [CJW2]
029.rrr.rrr.rrr DCN-COMSAT COMSAT Dist. Comp. Network [DLM1]
030.rrr.rrr.rrr DCN-UCL UCL Dist. Comp. Network [PK]
031.rrr.rrr.rrr BBN-SAT-TEST BBN SATNET Test Network [DM11]
032.rrr.rrr.rrr UCL-CR1 UCL Cambridge Ring 1 [PK]
033.rrr.rrr.rrr UCL-CR2 UCL Cambridge Ring 2 [PK]
034.rrr.rrr.rrr MATNET Mobile Access Terminal Net [DM11]
035.rrr.rrr.rrr NULL UCL/RSRE Null Network [BD2]
Postel [Page 3]
RFC 790 September 1981
Assigned Numbers
Network Numbers
036.rrr.rrr.rrr SU-NET Stanford University Ethernet [MRC]
037.rrr.rrr.rrr DECNET Digital Equipment Network [DRL]
038.rrr.rrr.rrr DECNET-TEST Test Digital Equipment Net [DRL]
039.rrr.rrr.rrr SRINET SRI Local Network [GEOF]
040.rrr.rrr.rrr CISLNET CISL Multics Network [CH2]
041.rrr.rrr.rrr BBN-LN-TEST BBN Local Network Testbed [KTP]
042.rrr.rrr.rrr S1NET LLL-S1-NET [EAK]
043.rrr.rrr.rrr INTELPOST COMSAT INTELPOST [DLM1]
044.rrr.rrr.rrr AMPRNET Amature Radio Experiment Net [HM]
044.rrr.rrr.rrr-126.rrr.rrr.rrr Unassigned [JBP]
127.rrr.rrr.rrr Reserved [JBP]
Class B Networks
Internet Address Name Network References
---------------- ---- ------- ----------
128.000.rrr.rrr Reserved [JBP]
128.001.rrr.rrr-128.254.rrr.rrr Unassigned [JBP]
191.255.rrr.rrr Reserved [JBP]
Class C Networks
Internet Address Name Network References
---------------- ---- ------- ----------
192.000.001.rrr Reserved [JBP]
192.000.001.rrr-223.255.254.rrr Unassigned [JBP]
223.255.255.rrr Reserved [JBP]
Other Reserved Internet Addresses
Internet Address Name Network References
---------------- ---- ------- ----------
224.000.000.000-255.255.255.255 Reserved [JBP]
Postel [Page 4]
RFC 790 September 1981
Assigned Numbers
Internet Version Numbers
ASSIGNED INTERNET VERSION NUMBERS
In the Internet Protocol (IP) [33] there is a field to identify the
version of the internetwork general protocol. This field is 4 bits
in size.
Assigned Internet Version Numbers
Decimal Octal Version References
------- ----- ------- ----------
0 0 Reserved [JBP]
1-3 1-3 Unassigned [JBP]
4 4 Internet Protocol [33,JBP]
5 5 ST Datagram Mode [20,JWF]
6-14 6-16 Unassigned [JBP]
15 17 Reserved [JBP]
Postel [Page 5]
RFC 790 September 1981
Assigned Numbers
Internet Protocol Numbers
ASSIGNED INTERNET PROTOCOL NUMBERS
In the Internet Protocol (IP) [33] there is a field, called Protocol,
to identify the the next level protocol. This is an 8 bit field.
Assigned Internet Protocol Numbers
Decimal Octal Protocol Numbers References
------- ----- ---------------- ----------
0 0 Reserved [JBP]
1 1 ICMP [53,JBP]
2 2 Unassigned [JBP]
3 3 Gateway-to-Gateway [48,49,VMS]
4 4 CMCC Gateway Monitoring Message [18,19,DFP]
5 5 ST [20,JWF]
6 6 TCP [34,JBP]
7 7 UCL [PK]
8 10 Unassigned [JBP]
9 11 Secure [VGC]
10 12 BBN RCC Monitoring [VMS]
11 13 NVP [12,DC]
12 14 PUP [4,EAT3]
13 15 Pluribus [RDB2]
14 16 Telenet [RDB2]
15 17 XNET [25,JFH2]
16 20 Chaos [MOON]
17 21 User Datagram [42,JBP]
18 22 Multiplexing [13,JBP]
19 23 DCN [DLM1]
20 24 TAC Monitoring [55,RH6]
21-62 25-76 Unassigned [JBP]
63 77 any local network [JBP]
64 100 SATNET and Backroom EXPAK [DM11]
65 101 MIT Subnet Support [NC3]
66-68 102-104 Unassigned [JBP]
69 105 SATNET Monitoring [DM11]
70 106 Unassigned [JBP]
71 107 Internet Packet Core Utility [DM11]
72-75 110-113 Unassigned [JBP]
76 114 Backroom SATNET Monitoring [DM11]
77 115 Unassigned [JBP]
78 116 WIDEBAND Monitoring [DM11]
79 117 WIDEBAND EXPAK [DM11]
80-254 120-376 Unassigned [JBP]
255 377 Reserved [JBP]
Postel [Page 6]
RFC 790 September 1981
Assigned Numbers
Port or Socket Numbers
ASSIGNED PORT or SOCKET NUMBERS
Ports are used in the TCP [34] and sockets are used in the AHHP
[28,17] to name the ends of logical connections which carry long term
conversations. For the purpose of providing services to unknown
callers a service contact socket is defined. This list specifies the
port or socket used by the server process as its contact socket. In
the AHHP an Initial Connection Procedure ICP [39,17] is used between
the user process and the server process to make the initial contact
and establish the long term connections leaving the contact socket
free to handle other callers. In the TCP no ICP is necessary since a
port may engage in many simultaneous connections.
To the extent possible these same port assignments are used with UDP
[42].
The assigned ports/sockets use a small part of the possible
port/socket numbers. The assigned ports/sockets have all except the
low order eight bits cleared to zero. The low order eight bits are
specified here.
Socket Assignments:
General Assignments:
Decimal Octal Description
------- ----- -----------
0-63 0-77 Network Wide Standard Function
64-131 100-203 Hosts Specific Functions
132-223 204-337 Reserved for Future Use
224-255 340-377 Any Experimental Function
Postel [Page 7]
RFC 790 September 1981
Assigned Numbers
Port or Socket Numbers
Specific Assignments:
Network Standard Functions
Decimal Octal Description References
------- ----- ----------- ----------
1 1 Old Telnet [40,JBP]
3 3 Old File Transfer [27,11,24,JBP]
5 5 Remote Job Entry [6,17,JBP]
7 7 Echo [35,JBP]
9 11 Discard [32,JBP]
11 13 Who is on or SYSTAT [JBP]
13 15 Date and Time [JBP]
15 17 Who is up or NETSTAT [JBP]
17 21 Short Text Message [JBP]
19 23 Character generator or TTYTST [31,JBP]
21 25 New File Transfer [36,JBP]
23 27 New Telnet [41,JBP]
25 31 SMTP [54,JBP]
27 33 NSW User System w/COMPASS FE [14,RHT]
29 35 MSG-3 ICP [29,RHT]
31 37 MSG-3 Authentication [29,RHT]
33 41 Unassigned [JBP]
35 43 IO Station Spooler [JBP]
37 45 Time Server [22,JBP]
39 47 Unassigned [JBP]
41 51 Graphics [46,17,JBP]
42 52 Name Server [38,JBP]
43 53 WhoIs [JAKE]
45 55 Message Processing Module [37,JBP]
47 57 NI FTP [50,CJB]
49 61 RAND Network Graphics Conference [30,MO2]
51 63 Message Generator Control [52,DFP]
53 65 AUTODIN II FTP [21,EC5]
55 67 ISI Graphics Language [3,RB6]
57 71 MTP [45,JBP]
59 73 New MIT Host Status [SWG]
61-63 75-77 Unassigned [JBP]
Postel [Page 8]
RFC 790 September 1981
Assigned Numbers
Port or Socket Numbers
Host Specific Functions
Decimal Octal Description References
------- ----- ----------- ----------
65 101 Unassigned [JBP]
67 103 Datacomputer at CCA [8,JZS]
69 105 Unassigned [JBP]
69 105 Trivial File Transfer [47,KRS]
71 107 NETRJS (EBCDIC) at UCLA-CCN [5,17,RTB]
73 111 NETRJS (ASCII-68) at UCLA-CCN [5,17,RTB]
75 113 NETRJS (ASCII-63) at UCLA-CCN [5,17,RTB]
77 115 any private RJE server [JBP]
79 117 Name or Finger [23,17,KLH]
81 121 Unassigned [JBP]
83 123 MIT ML Device [MOON]
85 125 MIT ML Device [MOON]
87 127 any terminal link [JBP]
89 131 SU/MIT Telnet Gateway [MRC]
91 133 MIT Dover Spooler [EBM]
93 135 BBN RCC Accounting [DT]
95 137 SUPDUP [15,MRC]
97 141 Datacomputer Status [8,JZS]
99 143 CADC - NIFTP via UCL [PLH]
101 145 NPL - NIFTP via UCL [PLH]
103 147 BNPL - NIFTP via UCL [PLH]
105 151 CAMBRIDGE - NIFTP via UCL [PLH]
107 153 HARWELL - NIFTP via UCL [PLH]
109 155 SWURCC - NIFTP via UCL [PLH]
111 157 ESSEX - NIFTP via UCL [PLH]
113 161 RUTHERFORD - NIFTP via UCL [PLH]
115-129 163-201 Unassigned [JBP]
131 203 Datacomputer [8,JZS]
Reserved for Future Use
Decimal Octal Description References
------- ----- ----------- ----------
132-223 204-337 Reserved [JBP]
Postel [Page 9]
RFC 790 September 1981
Assigned Numbers
Port or Socket Numbers
Experimental Functions
Decimal Octal Description References
------- ----- ----------- ----------
224-239 340-357 Unassigned [JBP]
241 361 NCP Measurement [9,JBP]
243 363 Survey Measurement [2,AV]
245 365 LINK [7,RDB2]
247 367 TIPSRV [RHT]
249-255 371-377 RSEXEC [51,RHT]
ASSIGNED LINK NUMBERS
The word "link" here refers to a field in the original ARPANET
Host/IMP interface leader. The link was originally defined as an 8
bit field. Some time after the ARPANET Host-to-Host (AHHP) protocol
was defined and, by now, some time ago the definition of this field
was changed to "Message-ID" and the length to 12 bits. The name link
now refers to the high order 8 bits of this 12 bit message-id field.
The low order 4 bits of the message-id field are to be zero unless
specifically specified otherwise for the particular protocol used on
that link. The Host/IMP interface is defined in BBN report 1822 [1].
Link Assignments:
Decimal Octal Description References
------- ----- ----------- ----------
0 0 AHHP Control Messages [28,17,JBP]
1 1 Reserved [JBP]
2-71 2-107 AHHP Regular Messages [28,17,JBP]
72-150 110-226 Reserved [JBP]
151 227 CHAOS Protocol [MOON]
152 230 PARC Universal Protocol [4,EAT3]
153 231 TIP Status Reporting [JGH]
154 232 TIP Accounting [JGH]
155 233 Internet Protocol (regular) [33,JBP]
156-158 234-236 Internet Protocol (experimental) [33,JBP]
159-191 237-277 Measurements [9,VGC]
192-195 300-303 Unassigned [JBP]
196-255 304-377 Experimental Protocols [JBP]
224-255 340-377 NVP [12,17,DC]
248-255 370-377 Network Maintenance [JGH]
Postel [Page 10]
RFC 790 September 1981
Assigned Numbers
Documents
DOCUMENTS
---------
[1] BBN, "Specifications for the Interconnection of a Host and an
IMP", Report 1822, Bolt Beranek and Newman, Cambridge,
Massachusetts, May 1978.
[2] Bhushan, A., "A Report on the Survey Project", RFC 530,
NIC 17375, 22 June 1973.
[3] Bisbey, R., D. Hollingworth, and B. Britt, "Graphics Language
(version 2.1)", ISI/TM-80-18, USC/Information Sciences
Institute, July 1980.
[4] Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An
Internetwork Architecture", XEROX Palo Alto Research Center,
CSL-79-10, July 1979; also in IEEE Transactions on
Communication, Volume COM-28, Number 4, April 1980.
[5] Braden, R., "NETRJS Protocol", RFC 740, NIC 42423,
22 November 1977. Also in [17].
[6] Bressler, B., "Remote Job Entry Protocol", RFC 407, NIC
12112, 16 October 72. Also in [17].
[7] Bressler, R., "Inter-Entity Communication -- An Experiment",
RFC 441, NIC 13773, 19 January 1973.
[8] CCA, "Datacomputer Version 5/4 User Manual", Computer
Corporation of America, August 1979.
[9] Cerf, V., "NCP Statistics", RFC 388, NIC 11360,
23 August 1972.
[10] Clark, D., "Revision of DSP Specification", Local Network Note
9, Laboratory for Computer Science, MIT, 17 June 1977.
[11] Clements, R., "FTPSRV -- Extensions for Tenex Paged Files",
RFC 683, NIC 32251, 3 April 1975. Also in [17].
[12] Cohen, D., "Specifications for the Network Voice Protocol
(NVP)", NSC Note 68, 29 January 1976. Also as USC/Information
Sciences Institute RR-75-39, March 1976, and as RFC 741,
NIC 42444, 22 November 1977. Also in [17].
[13] Cohen, D. and J. Postel, "Multiplexing Protocol", IEN 90,
USC/Information Sciences Institute, May 1979.
Postel [Page 11]
RFC 790 September 1981
Assigned Numbers
Documents
[14] COMPASS, "Semi-Annual Technical Report", CADD-7603-0411,
Massachusetts Computer Associates, 4 March 1976. Also as,
"National Software Works, Status Report No. 1",
RADC-TR-76-276, Volume 1, September 1976. And COMPASS. "Second
Semi-Annual Report", CADD-7608-1611, Massachusetts Computer
Associates, 16 August 1976.
[15] Crispin, M., "SUPDUP Protocol", RFC 734, NIC 41953,
7 October 1977. Also in [17].
[16] Crispin, M. and I. Zabala, "DIALNET Protocols", Stanford
University Artificial Intelligence Laboratory, July 1978.
[17] Feinler, E. and J. Postel, eds., "ARPANET Protocol Handbook",
NIC 7104, for the Defense Communications Agency by SRI
International, Menlo Park, California, Revised January 1978.
[18] Flood Page, D., "Gateway Monitoring Protocol", IEN 131,
February 1980.
[19] Flood Page, D., "CMCC Performance Measurement Message
Formats", IEN 157, September 1980.
[20] Forgie, J., "ST - A Proposed Internet Stream Protocol",
IEN 119, M.I.T. Lincoln Laboratory, September 1979.
[21] Forsdick, H., and A. McKenzie, "FTP Functional Specification",
Bolt Beranek and Newman, Report 4051, August 1979.
[22] Harrenstien, K., J. Postel, "Time Server", IEN 142,
April 1980. Also in [17].
[23] Harrenstien, K., "Name/Finger", RFC 742, NIC 42758,
30 December 1977. Also in [17].
[24] Harvey, B., "One More Try on the FTP", RFC 691, NIC 32700,
6 June 1975.
[25] Haverty, J., "XNET Formats for Internet Protocol Version 4",
IEN 158, October 1980.
[26] McCarthy, J. and L. Earnest, "DIALNET", Stanford University
Artificial Intelligence Laboratory, Undated.
[27] McKenzie, A., "File Transfer Protocol", RFC 454, NIC 14333,
16 February 1973.
Postel [Page 12]
RFC 790 September 1981
Assigned Numbers
Documents
[28] McKenzie,A., "Host/Host Protocol for the ARPA Network",
NIC 8246, January 1972. Also in [17].
[29] NSW Protocol Committee, "MSG: The Interprocess Communication
Facility for the National Software Works", CADD-7612-2411,
Massachusetts Computer Associates, BBN 3237, Bolt Beranek and
Newman, Revised 24 December 1976.
[30] O'Brien, M., "A Network Graphical Conferencing System", RAND
Corporation, N-1250-ARPA, August 1979.
[31] Postel, J., "Character Generator Process", RFC 429, NIC 13281,
12 December 1972.
[32] Postel, J., "Discard Process", RFC 348, NIC 10427,
30 May 1972.
[33] Postel, J., ed., "Internet Protocol - DARPA Internet Program
Protocol Specification", RFC 791, USC/Information Sciences
Institute, September 1981.
[34] Postel, J., ed., "Transmission Control Protocol - DARPA
Internet Program Protocol Specification", RFC 793,
USC/Information Sciences Institute, September 1981.
[35] Postel, J., "Echo Process", RFC 347, NIC 10426, 30 May 1972.
[36] Postel, J., "File Transfer Protocol", RFC 765, IEN 149,
June 1980.
[37] Postel, J., "Internet Message Protocol", RFC 759, IEN 113,
USC/Information Sciences Institute, August 1980.
[38] Postel, J., "Name Server", IEN 116, USC/Information Sciences
Institute, August 1979.
[39] Postel, J., "Official Initial Connection Protocol", NIC 7101,
11 June 1971. Also in [17].
[40] Postel, J., "Telnet Protocol", RFC 318, NIC 9348,
3 April 1972.
[41] Postel, J., "Telnet Protocol Specification", RFC 764, IEN 148,
June 1980.
[42] Postel, J., "User Datagram Protocol", RFC 768 USC/Information
Sciences Institute, August 1980.
Postel [Page 13]
RFC 790 September 1981
Assigned Numbers
Documents
[43] Reed, D., "Protocols for the LCS Network", Local Network Note
3, Laboratory for Computer Science, MIT, 29 November 1976.
[44] Skelton, A., S. Holmgren, and D. Wood, "The MITRE Cablenet
Project", IEN 96, April 1979.
[45] Sluizer, S., and J. Postel, "Mail Transfer Protocol", RFC 780,
USC/Information Sciences Institute, May 1981.
[46] Sproull, R., and E. Thomas. "A Networks Graphics Protocol",
NIC 24308, 16 August 1974. Also in [17].
[47] Sollins, K., "The TFTP Protocol (revision 2)", RFC 783,
MIT/LCS, June 1981.
[48] Strazisar, V., "Gateway Routing: An Implementation
Specification", IEN 30, Bolt Berenak and Newman, April 1979.
[49] Strazisar, V., "How to Build a Gateway", IEN 109, Bolt Berenak
and Newman, August 1979.
[50] The High Level Protocol Group, "A Network Independent File
Transfer Protocol", INWG Protocol Note 86, December 1977.
[51] Thomas, R., "A Resource Sharing Executive for the ARPANET",
AFIPS Conference Proceedings, 42:155-163, NCC, 1973.
[52] Flood Page, D., "A Simple Message Generator", IEN 172, Bolt
Berenak and Newman, March 1981.
[53] Postel, J., "Internet Control Message Protocol - DARPA
Internet Program Protocol Specification", RFC 792,
USC/Information Sciences Institute, September 1981.
[54] Postel, J., "Simple Mail Transfer Protocol", RFC 788,
USC/Information Sciences Institute, September 1981.
[55] Littauer, B., "A Host Monitoring Protocol"", IEN 197, Bolt
Berenak and Newman, September 1981.
Postel [Page 14]
RFC 790 September 1981
Assigned Numbers
People
PEOPLE
------
[DCA2] Don Allen BBN Allen@BBND
[CJB] Chris Bennett UCL UKSAT@ISIE
[RB6] Richard Bisbey ISI Bisbey@ISIB
[RTB] Bob Braden UCLA Braden@ISIA
[RDB2] Robert Bressler BBN Bressler@BBNE
[EC5] Ed Cain DCEC cain@EDN-Unix
[VGC] Vint Cerf ARPA Cerf@ISIA
[NC3] J. Noel Chiappa MIT JNC@MIT-XX
[SGC] Steve Chipman BBN Chipman@BBNA
[DDC2] David Clark MIT Clark@MIT-Multics
[DC] Danny Cohen ISI Cohen@ISIB
[MRC] Mark Crispin Stanford Admin.MRC@SU-SCORE
[BD2] Brian Davies RSRE T45@ISIE
[JAKE] Jake Feinler SRI Feinler@SRI-KL
[DFP] David Flood Page BBN DFloodPage@BBNE
[JWF] Jim Forgie LL Forgie@BBNC
[SWG] Stu Galley MIT SWG@MIT-DMS
[GEOF] Geoff Goodfellow SRI Geoff@DARCOM-KA
[KLH] Ken Harrenstien MIT KLH@MIT-AI
[JFH2] Jack Haverty BBN JHaverty@BBN-Unix
[JGH] Jim Herman BBN Herman@BBNE
[PLH] Peter Higginson UCL UKSAT@ISIE
[RH6] Robert Hinden BBN Hinden@BBNE
[CH2] Charles Hornig Honeywell Hornig@MIT-Multics
[EAK] Earl Killian LLL EAK@MIT-MC
[PK] Peter Kirstein UCL Kirstein@ISIA
[DRL] David Lyons DEC Lyons@DEC-2136
[HM] Hank Magnuski --- ---
[JEM] Jim Mathis SRI Mathis@SRI-KL
[DM11] Dale McNeill BBN DMcNeill@BBNE
[DLM1] David Mills COMSAT Mills@ISIE
[MOON] David Moon MIT Moon@MIT-MC
[EBM] Eliot Moss MIT EBM@MIT-XX
[MO2] Michael O'Brien RAND OBrien@RAND-Unix
[KTP] Ken Pogran BBN Pogran@BBND
[JBP] Jon Postel ISI Postel@ISIF
[JZS] Joanne Sattely CCA JZS@CCA
[APS] Anita Skelton MITRE skelton@MITRE
[KRS] Karen Sollins MIT Sollins@MIT-XX
[VMS] Virginia Strazisar BBN Strazisar@BBNA
[EAT3] Ed Taft XEROX Taft.PA@PARC
[DT] Dan Tappan BBN Tappan@BBNG
[RHT] Robert Thomas BBN Thomas@BBNA
[AV] Al Vezza MIT AV@MIT-XX
[CJW2] Cliff Weinstein LL cjw@LL-11
Postel [Page 15]

2885
docs/rfc791.txt Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
docs/sig.bmp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.0 KiB

BIN
docs/tax98/JOINT.BAK Normal file
View File

Binary file not shown.

BIN
docs/tax98/JOINT.F98 Normal file
View File

Binary file not shown.

BIN
docs/tax98/JOINT2.BAK Normal file
View File

Binary file not shown.

BIN
docs/tax98/JOINT2.F98 Normal file
View File

Binary file not shown.

BIN
docs/tax98/MYTAXES.F98 Normal file
View File

Binary file not shown.

BIN
docs/tax98/RONI.BAK Normal file
View File

Binary file not shown.

BIN
docs/tax98/RONI.F98 Normal file
View File

Binary file not shown.

BIN
docs/tmp/DALI.BMP Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 385 KiB

BIN
docs/vmspec.pdf Normal file
View File

Binary file not shown.