======================================= T H E N E W F O N E E X P R E S S ======================================= The newsletter of the Society for the Freedom of Information (SFI) Electronic Edition --------------------------------------------------------------------------- The publisher, SFI, distribution site(s), and authors contributing to the NFX are protected by the Bill of Rights in the U.S. Constitution, which specifically protects freedom of speech and freedom of the press. The information provided in this magazine is for informational purposes only, and the publisher, SFI, distribution site(s) and authors are not responsible for any problems resulting from the use of this information. Nor is SFI responsible for consequences resulting from authors' actions. This disclaimer is retroactive to all previous issues of the NFX. We accept article submissions of nearly any sort, about hack/phreak/anarchy/gov't/nets/etc. Send mail to the publisher (The Cavalier) at any of these addresses: Ripco [send mail to Silicon Avalanche] Project Phusion [send mail to Silicon Avalanche] Soul Pit [send mail to Daisy Farmer] The printed edition of the newsletter may be publicly available soon. The info will appear here as soon as possible. To be quite honest, the printed version looks a hell of a lot better; but as of now, only the members of SFI receive it. --------------------------------------------------------------------------- Highlights for Issue #2/July 1991 ================================= Q Phones Go Bye-Bye ... typed by Silicon Lightning, edited (see article # 1) Q Chemistry Lesson ... by Maelmord (see article # 2) Q A Pick Tutorial pt. 1 ... by Silicon Lightning (see article # 3) Q State of Surveillance pt. 2 ... by the Cavalier (see article # 4) Q T1 Dictionary ... by the Cavalier (see article # 5) Q T1: Digital Communications ... by the Cavalier (see article # 6) Q Trend Watcher ... by the Cavalier (see article # 7) Q Updated SS7 Area Table ... edited (see article # 8) Q Corrections ... edited (see article # 9) Q Editorial ... by the Cavalier (see article # 10) ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Phones Go Bye-Bye [Ed: One day before this issue was scheduled to go to press, we received this news from Silicon Lightning. We are nearly positive that this software is part of the Signaling System 7 mods.] ... Computer malfunction disrupts phone service ... WASHINGTON (AP) - Service disruptions blamed on computer trouble plagued millions of telephones in the nation's capital and three nearby states Wednesday and phone users across much of California had similar problems. In Washington, government agencies fared better than private homes and businesses. The White House said it felt no major impact and added that in a pinch President Bush could get through to any telephone in the country on special high-priority lines. But Bell Atlantic said 6.7 million telephone lines in Washington, Maryland, Virginia, and parts of West Virginia were hit with service disruptions. A software glitch disrupted Pacific Bell service in the Los Angeles area at midday Wednesday, interfering with phone calls in much of the 213, 818, 714, and 805 area codes. "It seems like our software just decided to take the day off," said Pacific Bell spokeswoman Linda Bonniksen in Orange County. Pacific Bell officials said most service was restored by midafternoon. Federal Communications Commission Chairman Alfred C. Sikes issued a statement vowing to "find out the cause of this problem." He said initial reports indicated the root of the trouble "may be both network and software problems." Jay Grossman, a spokesman for Bell Atlantic, said the problem affected most local calls and left outbound long-distance service sporadic. He said inbound calls appeared to be functioning normally. The disruption occurred about 11:40 a.m. EDT while workers for Bell Atlantic's Chesapeake & Potomac Telephone Co. in Baltimore were working on a computer that controlled the distribution of traffic in the calling network. Backup systems that were supposed to reroute calls in the event of a breakdown also malfunctioned. C&P is a subsidiary of Philadelphia-based Bell Atlantic, one of seven regional phone companies created by the 1984 breakup of the Bell System. A disruption in the C&P system would not extend outside the mid-Atlantic states that Bell Atlantic serves. At early evening, officials said they were still not certain when service would be restored. "The network has come back up temporarily and then collapsed in places," said Michael Daley, a C&P spokesman. The disruption forced people to improvise. When office telephones malfunctioned, some workers tried the payphones on the street. "This is just terrible," said Dee Sibley, who works for a Washington legal firm. "We rely so heavily on the telephone to do our business. Right now I'm standing here at a payphone returning calls >from clients, some of whom we're working on important business for." Joseph Deoudes, vice president and owner of District Courier Services, Inc. in Washington, said telephone problems "paralyzed" his business. "It's really rough," he said. "I'm not making any money today." ...... Taken from The Potomac News, Thursday June 27, 1991. Pg A4. ..... ............ Courtesy of Silicon Avalanche ........... ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Chemistry Lesson For this edition of the SFI newsletter, New Fone Express, the Cavalier has asked me to write an article about one of my favorite subjects, chemistry. This article will deal not with ordinary chemistry, but with a particularly explosive branch sometimes called pyrotechnics. The mixtures that will be described here are generally considered low explosives, but are in no way to be considered playthings! Use extreme caution when employing any chemicals! Also, work in an area free of anything that could fall on or cause to fall, your experiments. I know too many people who have failed to follow this simple advice and are unhappily the wiser. When first experimenting, use only minute portions of the chemicals. Simple advice, but important to follow. Now for some standard text here. YES! The DISCLAIMER! No member of SFI, or any person associated with this newsletter, New Fone Express, can accept or be found responsible in any shape or form for the content, consequences or actions resulting from information detailed in New Fone Express. Under the Constitution, this newsletter and the articles contained within are expressly protected. This disclaimer is in addition to that which is printed on the front page of the New Fone Express. Ok now that that's over, on to the real information. First, a description of the ingredients you will be using in the making of these explosives. Potassium nitrate and sodium nitrate: without a doubt one of the safest low explosives to handle. Especially good when packed into a container and exploded under pressure. Smokeless powder: this type of low explosive is much like the above, in the sense of stability, but it is also much more powerful. It too needs pressure to be set off. Potassium chlorates with sulfates: any mixture of potassium or sodium chlorates should be avoided at all costs. Most compounds will explode on formation. Ammonium nitrate with chlorates: similar to above, yet even more unstable. Potassium chlorate and red phosphorus: this will again explode immediately and violently upon formation. Don't mess with this. Aluminum with sodium peroxide, or potassium nitrate. This is a little more stable, but is still too dangerous to play with. Barium chlorate with shellac gums: any mixture containing either barium or barium nitrate and carbon, or barium chlorate and any other substance should be given great care. Barium and strontium nitrate with aluminum and potassium perchlorate: this combination is relatively safe, as is the combination of barium nitrate and sulfur, potassium nitrate, and most other powdered metals. Guanidine nitrate and a combustible: the combination of guanidine nitrate and a combustible (ie. powdered antimony) is one of the safest of all of the low explosives. Potassium bichromate and potassium permanganate: this compound is very unstable and too dangerous to work with. With that brief introduction to the effects of various chemicals you will be working with it's time to make some explosives: The following is a list of explosive compounds. The first chemical listed is the oxidating agent (the explosive) the second is the combustible (what sets off the explosive) In most of these plans you mix 3 parts oxidating agent and 1 part combustible. However, different mixtures will yield varying degrees efficiency. 1. nitric acid and resin 2. barium nitrate and magnesium 3. ammonium nitrate and powdered aluminum 4. barium peroxide and zinc dust 5. ammonium perchlorate and asphaltum 6. sodium chlorate and shellac gum 7. potassium nitrate (salt peter) and charcoal (basically gunpowder without the sulfur) 8. sodium peroxide and flowers of sulfur 9. magnesium perchlorate and woodmeal 10. potassium perchlorate and cane sugar 11. sodium nitrate and sulfur flour 12. potassium bichromate and antimony sulfide 13. guanidine nitrate and powdered antimony 14. potassium chlorate and red phosphorus 15. potassium permanganate and powdered sugar 16. barium chlorate and paraffin wax When employing the use of any high explosive, an individual must also use some kind of detonating device. Blasting caps are probably the most popular today, since they are very functional and relatively stable. The prime ingredient in most blasting caps and detonating devices in general is mercury fulminate. There are several methods for preparing fulminate. Method #1 for preparation of MF: -------------------------------- 1) 5 grams of pure mercury and mixed with 35 ml. of nitric acid. 2) The mixture is slowly and gently heated. As soon as the solution bubbles and turns green, the silver mercury is dissolved. 3) After it is dissolved, the solution should be poured, slowly, into a small flask of ethyl alcohol and will result in red fumes. 4) After a half hour or so, the red fumes will turn white, indicating that the process is nearing its final stages. 5) After a few minutes, add distilled water to the solution. 6) The entire solution is now filtered, in order to obtain the small white crystals. These crystals are pure mercury fulminate, but should be washed many times, and tested with litmus paper for any remaining undesirable acid. Method #2 for preparation of MF: -------------------------------- 1) Mix one part mercuric acid with ten parts ammonia solution. When ratios are described, they are always done according to weight rather than volume. 2) After waiting eight to ten days, the mercuric oxide will have reacted with the ammonia solution to produce the white fulminate crystals. 3) These crystals must be handled in the same way as the first method described, and must be washed many times and given several litmus paper tests. All fulminates are sensitive to shock and friction, and should be handled in a gentle manner. Now that you have a basic background in explosive chemistry, why not find out a few ways to use this knowledge. There are three different types of time-delay devices: 1) Metal strips under tension until breakage. 2) Chemical action that will produce enough heat to detonate an explosive 3) An alarm clock set for a certain time which when triggered, completes an electrical circuit, and detonates an electrical blasting cap. The first method, metal under tension until breakage, is hazardous and unreliable. There is little or no control over timing, and such devices are notorious for backfiring. Good luck! The chemical-action time-delay methods have proven to be reliable. Most of this action incorporates the amount time taken by certain solution of acid to eat its way through another substance. The time length can be determined by the concentration of the acid and by the substance to be eaten through. Chemical-Delay Time-Bomb ------------------------ Obtain a short section of steel pipe and a cap for each end. Place inside the steel pipe a stick of dynamite, and drill a quarter-inch hole at on end of one cap. Into this hole, place a small measure of potassium chlorate and gunpowder. Prepare a small glass vial, filled with a concentrated sulfuric acid solution and stop up the end with a paper or cork stopper. To arm the bomb, place the vial of acid upside down in the hole at the top of the pipe. When the acid has eaten its way through the stopper, it will come in contact with the potassium chlorate and gunpowder. The mixture of these chemicals will cause a minor explosion, but it will be large enough to produce the heat necessary to detonate the dynamite. The detonation time is usually between three and six hours. If a solution of sulfuric acid and glycerin is used, rather than pure sulfuric acid, the time delay will be up to five or six days. And now, perhaps one of the oldest forms of bombs, one of the most unreliable, deadly, and treacherous. Letter bombs are very simple to make, but the difficult part is making sure it will detonate properly and that it is not obvious that it is a bomb. Mixtures: --------- About 75% aluminum powder with 25% iron powder is best. This is a light version of thermite. Mix the above well. The idea is this: ----------------- Iron can burn, at a very high temperature, but it needs a little help. This is what the aluminum is for. Aluminum burns at a relatively low temperature, so it is used as a catalyst of sorts. Magnesium is used to flash-ignite the aluminum, which then burns the iron, at a suitable temperature. Since this is going off in an enclosed space, it will burn much hotter and slower and with more violence than a normal mix. Use an insulated (padded) envelope, the type that is double layered. Separate the layers. in the inner layer goes the light thermite. Keep this section separate, perhaps topping it off with some magnesium. The outer layer can be either magnesium, for a flash bomb, or possibly a material of your own choice. The fuse: --------- We can make a fuse from another set of chemicals: Iodine crystals, and ammonium hydroxide in liquid form. Mix these together, in about an equal amount. These form a new crystalline structure and are highly volatile with the impact power of an M-100 per teaspoon. Put these in a protective cardboard lining and place them at the top of the envelope. Rig this so it puts pressure on the crystals when the package is opened, but not from just squeezing the envelope. Take care in this step, for it is vital to properly set the fuse. Seal this up, and you have a working letter bomb. However, since the bulk of letter bombs is easily recognizable, they rarely make it past the post office. How to avoid letter bombs: -------------------------- Since you made it this far, you might as well know how to avoid being detonated with a letter bomb that may be sent to you. 1) Never open a letter bomb the way it wants to be opened! This is the way of possibly avoiding the fuse. If it is set to detonate on contact with air, then you can kiss some air. 2) Don't squeeze, bend, or sneeze! 3) If it looks like a bomb, then don't even touch it! This is the best way to avoid meeting your maker! Hopefully, this information will be put to good use. Any response or request can be routed through the Cavalier to me. If this receives a good word from him, perhaps I will have to write a piece on high-explosives. Fun stuff indeed! Maelmord?. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ A Pick Tutorial [Ed: Pick is a database-oriented operating system that is rapidly gaining popularity with Unix. At last check there were over 250,000 Pick users worldwid e.] A Pick Tutorial - Courtesy of Silicon Avalanche of SFI Installment #1 HOW DO I KNOW IT'S A PICK SYSTEM? Most Pick Computers (including Prime, McDonnell Douglas (Microdata), Sequoia, ADDS, and many others) have got a sort of standardized login prompt. Regardless of the information displayed, be it 2 or 3 pages of system identification, or merely a blank screen, 98% of the Pick computers prompt the user with either of 3 prompts. (1.) (2.) (3.) Logon Logon Please: Enter Account Name: These prompts may be in upper or lower case, or similar versions of the above prompts. If the user enters an invalid account, the system will display USER ID? and will rapidly scroll up the screen to do a refresh and clear - this restarts the logon message and returns the user to the logon prompt. This USER ID? error message is the 'trademark' of a Pick computer. I have never seen any other computer system use this error message, and I have never seen any Pick system that did not use that error message. If the user enters a valid account name, (a brief listing of defaults will be given shortly), and the account has a password on it, the password will be prompted for with a PASSWORD: prompt. This prompt is also pretty much a Pick standard prompt. If the incorrect password is entered, the user will get the same USER ID? error message, and will be returned to the logon prompt. Two or three (depending on the system) incorrect account name and/or passwords will result in a user lockout - this problem will be easily remedied by entering: HA and hitting Return twice. This should return you to the logon prompt for another round of account/password attempts. DEFAULT ACCOUNT NAMES AND PASSWORDS Pick has got 1 definite account, equivalent to the Root account in Unix, its name is SYSPROG. On new, or poorly designed systems, SYSPROG usually has no password - if that's what you've discovered, congratulations! Otherwise, good luck. Other Account & Password Defaults can include: Account Name / Password ------------------------/--------- OBSOLETE / <-- None PREVIEW / <-- None TUTOR / LEARN and others. If you find an account, and you can get inside, great. I'm not going to discuss means of hacking in this series, there's enough information on that subject already. Pick passwords and account names can be just about any length. The passwords are encrypted in CRC-32 when they are stored on the disk, so a password of 180 characters requires the same storage space as one with only 1 or 2 characters. The passwords (not the encryption of them) is alphanumeric, can contain imbedded spaces and punctuation marks, control characters, etc. They are basically constructed of any combinations of ASCII characters ranging from decimal 001 to 251. (252 - 255 are used for other reasons to be discussed later.) The encryption of the password, as I have said, uses CRC-32, to produce an 8 digit hexadecimal code for storage. OTHER ACCOUNT NAME IDEAS Most of the Pick systems have accounts that are people's names, like Joan or Phil, and these fall prey to the stupidity of the 'owners' of those accounts. For example - these accounts commonly either have no password, or ones that are related to the accountname. As an illustration, one system I know has an account named 'PAUL' with the password of LUAP. (Paul backwards.) Upon noticing my presence, this password was changed to , the forms of the initials of the owner of that account. Other ideas for account names are the name of the company, (like XYZ might be a valid account on XYZ Incorporated's computer), or divisions of the company, (like ACCOUNTING or SHIPPING). There is no record kept of invalid logons, so essentially, you have as many tries as you may need or want. NEXT ISSUE The next issue of The New Fone Express will contain the next installment of the Pick tutorial. This next installment will include some basic things to do in a Pick system computer, a brief glossary of Pick terms, and how to create yourself a new account with your own password to insure future access. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ State of Surveillance (pt. 2) This second installment covers non-telephone audio bugs. First, we'll start out with passive audio bugs, or bugs that don't need to actively transmit a signal from the area being bugged. One such example is the window-reflection laser bug, which consists of a laser being aimed at a window pane in the room to be bugged. Since the laser emits a coherent beam of light that (if unobstructed) can travel long distances, the actual laser itself can be quite a distance away from the window to be bugged. It works because sound creates very slight vibrations in the window glass, and the laser beam is modulated or pulsed by the vibrating window. The beam is then reflected back to a photodiode, an electronic part that detects these vibrations. The electrical signal from the photodiode can then be amplified and fed through some sort of listening device. As for detecting this type of bug, it is extremely hard to do so. Since the chances are good that the laser is infrared, one way to detect it would be to use an infrared detector card, readily available at your nearest Radio Shack for about $5.95. After turning off the lights in the room, one would move the card around the outside of the window in question and observing the card. One way to counter the bug would be to generate an extremely high-frequency sound, which would piss off all the dogs in your area but would probably do a good job of countering the laser bug. Given a decent amount of electronics experience, one could probably build one for under $20, but you can buy one commercially that sticks on to the window w/ a suction cup for about $900, last I checked. Another example in the history of passive audio bugs is the device hidden in the American embassy in the Soviet Union in the '50s. Apparently, the Soviets had placed a tuned resonant cavity with a diaphragm and antenna inside a carefully-carved wooden presidential seal given as a gift to a new American ambassador, who mounted it in his office unknowingly. The Soviets aimed a high-power microwave beam at the antenna (as a matter of fact, the beam was powerful enough to injure some embassy personnel) and bounced it back to a receiver. The modulation of the beam caused by hitting the antenna picked up the sound in the room. The principle of the above two bugs is similar: if you have a substance that can act as a diaphragm, or something that will vibrate when sound waves hit it, you can bug it. A rather esoteric example invented in the '60s is going up to the roof of the building to bug and lowering a microphone into the toilet air pipe (no kidding). Since any sort of sound in the room would, of course, vibrate the water, and then vibrate the air in the pipe, it should actually work rather well. If the pipe is the right length, you might not even need the microphone, due to the principles of open-air resonance. The best way to counter this type of listener would be to simply go to the bathroom, which would disturb the water and mask whatever sort of conversation you're having in the bathroom. Probably not a bug that's used often. An even easier type of bug to build is a parabolic mike; the same principle is at work with satellite dishes. The dish focuses all the sound rays that hit it onto the focal point, where a microphone is conveniently located. Probably the best way to counter this type of bug would probably be to have your discussion in a noisy area, preferably if the noise is coming from a source near where the mike is pointed. However, some homebrew parabolic mikes out there have the problem that when extremely loud noises are encountered, the amplifier doesn't shut off, thereby blasting bloody hell out of the would-be listener's ears. However, the most common audio bug is the bug that does not record at all; it simply broadcasts the conversations to a receiver. There are an incredible amount of cases involving this type of bug. The problem with detecting this type of bug is that it can be incredibly small; I have personally seen wafer-thin FM bugs that clip onto the top of a 9 volt battery. This bug could transmit up to a half-mile, and could have been quite easily hidden in a plant, or perhaps behind a piece of furniture. The problem was that the bug transmitted over the FM radio band; any FM radio could have picked it up. This is why nearly all radio bugs in federal/commercial use today use frequencies that cannot be easily picked up; some transmit in the gigahertz range around the microwave band, which is quite beyond the range of most scanners. A good way to power this type of bug is to install it into an electric socket or light switch and hook it up to the power coming from the AC line. There is no really good way to shut off this type of bug short of jamming their frequency (requiring you to find the frequency it broadcasts on in the first place) or to shut off their power source. A fascinating idea in making this type of bug literally freak out is to aim a high-voltage stream of electrons at the bug; if the bug is even remotely electronic and non-shielded, it should affect the bug badly. But, this requires you to know the general location of the bug in the first place, so... my idea, though, is that if the stream is powerful enough, it should knock out the bug entirely, allowing you to do 'scans' without needing to actually know there is a bug there in the first place. Interestingly enough, it is legal to record a conversation you are having with someone else in a room if one of the two parties involved in the conversation is doing the recording. Commercially-made tricks for doing this include a cassette recorder small enough to fit somewhere else on your body, such as in an inside suit pocket. A wire runs to your shirt pocket, with the top half of a pen protruding from the pocket. Moving the pen up or down turns on or off the recorder. A common government trick is to hide the recorder in a briefcase; which is one way they bust big-time drug and arms dealers. A good way to screw up a non-shielded recording bug would be to generate an extremely powerful magnetic field in the area of the tape, thereby erasing the tape. But if the government wants you badly enough and the magnetic field wasn't all that strong, it is still possible to reconstruct a tape full of magnetic dropouts. But, it is doubtful whether such evidence would hold up in court. Also, if someone connects a recor der to the bug, it is not necessary to have wires leading to it - a technique which can be used is to buy a conductive-paint pen and literally draw the connections on. Look for bright silver traces on whatever surface you are looking at; the problem is, this type of trace can be easily painted over. The next installment will cover video bugs. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ T1 Dictionary This is the dictionary of terms and acronyms for the T1 article elsewhere in this issue. ACAMI - Alternate Channel Alternate Mark Inversion, a system of encoding data over a T1 channel, or a 'T1 line code.' In this line code, data is assigned to alternate DS0 channels, from the lowest to the highest (DS0 1, 3, 5..) The other DS0 channels (in this example, 2, 4, 6..) must have a fixed byte present on the channel. ACAMI is a relatively inefficient coding system, because it wastes half of the bandwidth -- it uses two DS0 channels to do the work of one. ACAMI is being phased out. ACCUNET - ACCUNET is AT&T's 'family of digital services,' also known as ASDS. ACCUNET T1.5 is a private line digital communication service running at 1.544 Mbps. AMI - Alternate Mark Inversion, another system of encoding data over a T1 channel, or a 'T1 line code.' In this line code, each logical one must have an opposite polarity as compared to the last logical one. Logical zero is equivalent to ground. ASDS - see ACCUNET. B8ZS - Binary 8 Zero Suppression, yet another system of encoding data over a T1 channel, or a 'T1 line code.' In this line code, pre-defined sequences of bipolar violations (BPVs) are generated to maintain the bit density, and at the other end of the T1 link, the BPVs are corrected and the correct data is passed along. The most efficient T1 line code in current use. ESF framing is required with B8ZS running at 64K Clear. CCC - Clear Channel Capability (no, not the Chaos Computer Club...), or the capability to use all 64Kbps of bandwidth of a DS0 link. Without CCC, only 56kbps is usable, because the extra 8Kbps is used to "keep the network running smoothly." Also known as 64K Clear. Cloud - the public telephone network, "called a cloud because user can connect at one point on it and expect data/voice input to pass-through to the other side and emerge in the proper sequence and format." CPE - Customer Premises Equipment. A fancy way of describing the phone company equipment that resides at the business that uses T1, and that encodes and decodes signaling and channel information. D4 - a T1 framing system dividing a T1 pipe into 24 channels, with a single D4 frame being equal to a DS0. DACS - Digital Access and Cross-Connect Systems, (in this article) a standard for devices connecting DS0 and DS1 links into the public network. DACS uses D4 framing, which specifies that each 193rd bit be used for framing. DDS - Digital Data Service. A 56Kbps or 9.6Kbps digital link. DS0 - Digital Signal, Level 0 - a 64 Kbps link. A segment of a fractional T1 channel. DS1 - Digital Signal, Level 1 - a 1.544 Mbps link. A full T1 channel. DS3 - Digital Signal, Level 3 - a 44.736 Mbps link. A full T3 channel. ESF - Extended Superframe, the standard format for coding network information in T1 channels. ESF groups every 24 frames and uses the framing bits as a byte used for error correction, diagnostics, and network synchronization, and is non-disruptive. Only 2,000 bits are used with ESF for synchronization, and the remaining 6,000 are used for monitoring network performance. ESF formatting is DACS-compatible. SDM - Subrate Data Multiplexing, a technique used to multiplex data onto a DS0 on the public network. Common rates are 2.4 Kbps, 4.8 Kbps, or 9.6Kbps (2400, 4800, 9600 bps) T1 - a digital link using a DS1 channel that can be made up of 24 DS0 links, used for transmitting large amounts of digital data quickly. T3 - a digital link using a DS3 channel, equivalent to 28 T1 links. See T1 and DS3. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ T1: Digital Communications T1 is a high-speed digital link operating on the public phone network allowing large volumes of data to move from place to place quickly. The standard, non-fractional T1 link is 1.544 Mbps wide, which (to put it in perspective) translates into nearly 161 9600 bps channels. This type of high-volume data channel is generally only affordable by large businesses and institutions that need this type of link, such as CAD/CAM users, high-speed wide-area networks, imaging requirements, or videoconferencing. However, fractional T1 technology has allowed businesses to divide their bandwidth needs into 64 Kbps segments at a proportionally cheaper rate. For example, let's say your network needs 384 Kbps of bandwidth. Using a full T1 link for this would waste quite a lot of money, because that's four times as much bandwidth as you need. So, you can just lease 6 DS0 lines, or 64 Kbps segments of a full T1 link. Any high speed data communications application uses either T1 or above or DDS (see T1 Dictionary). Fractional T1 is a critically important step to ISDN and full Open Network Architecture capabilities. T1 signals are encoded using one of three basic formats: B8ZS, ACAMI, or AMI. Of the three, B8ZS is the most prevalent, because it allows Clear Channel Capability, or the ability to use all 64 Kbps of a DS0 segment to communicate data. ACAMI also allows "64k Clear," but only by sacrificing every other DS0 channel on a T1 link to communicate framing data, wasting half of the available bandwidth. (One T1 or DS1 link consists of 24 DS0 links.) Without B8ZS and ACAMI, DS0 links can only handle 56 Kbps, because the extra 8 Kbps is used for network routing, diagnostics and synchronization information. With B8ZS, there has to be a way to synchronize the network, so the ESF format was introduced. This format groups 24 frames into one, and uses the resulting large framing byte to communicate sync and diagnostic information. All of the major inter-exchange companies (including major long- distance corporations) offer T1 access, including AT&T, U.S. Sprint, and Cable and Wireless. Fractional T1 is also supported by all the above companies, and the local exchange carriers are now getting into the act. A good example of problems with local exchange-carried T1 is what happened recently in St. Louis for nearly a week in June, when over 2,800 fractional T1 links were shut down due to catastrophic system failure. As a result, hundreds of inter-bank ATM links and wide-area networked computers were cut off. As a protection against this, the major inter-exchange carriers have introduced warranties and disaster recovery procedures to insure that even problems as bad as a cut cable will either be compensated for or that the link will be rerouted around the fault, if possible. T3 (ultra-high speed data links), T1 and fractional T1 will be leading the public network into the 21st century. The high capacity of those links will make possible ISDN and ISDN-B (broadband ISDN) runs into the home, providing high-speed digital communications for such applications as cable TV, videotext, rapid data transfer, and eventually even cyberspace. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Trend Watcher Nethernet1 is tracing connections and reportedly is watched by U.S. gov't agencies. The original 1ESS started development in 1953 and continuous commercial operation started in 1965. It is capable of handling 65,000 lines and 100,000 calls per hour, and down-time of the system is not supposed to exceed 2 hours over a 40 year period. AT&T has a $7 million telecommunications contract with Kuwait to supply Kuwait with, among other products, two 5ESS switches. The 5ESS switch, being an industrial-style passive backplane machine, uses fiber optics to carry bus signals through the backplane. In a somewhat older piece of news, Pacific Bell has incorporated a 5ESS switch into a 48-foot trailer with a 5,000 line capacity and ISDN capability. Pacific Bell estimates that the trailer can be up and running within five hours. It's estimated that with Signaling System Seven, average call completion time will be cut from 10 seconds to 3 seconds. SGS-Thomson, Siemens, and NEC have all produced monolithic SS7 data link chips that fully support OSI Layer 2 (see NFX #1) and have an interface that connect to 80x86 and 680x0 microprocessors. Intel's own performance analysis of its 50-MHz i486 states that it can perform 40.5 MIPS. Microsoft announced plans to build RSA encryption into future applications. According to Computerworld, "National Security Agency officials are battling efforts by the National Institute of Standards and Technology to release a public key encryption standard, fearing that the wide deployment of a system such as RSA's would hamper intelligence-gathering efforts." Per their own advertisement, Unisys systems are installed at 44 of the world's 50 largest banks. According to a recent survey, the number of ISDN interfaces to PABXs will nearly triple over the next year. Northern Telecom has announced a "PBX-on-a-wall" named Option 11, which will include 75 ports, voice mail, and a T1 interface for approx. $22,000. Siemens announced a $3,000 Windows 3.0 PBX management program, allowing administrators to use a PC to handle changes in the system. Hayes has recently introduced a synchronous 64K bps modem designed to operate over an ISDN link. It operates at 38.4kbps in async mode. The cost was around $1600. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Areas with SS7 as of 06/91 ========================== Location / TelCo ----------------------/-----------------/ Atlanta, GA / BellSouth Tampa, FL / BellSouth?/GTE? Boise, ID / USWest All of New Jersey / United & NJ Bell Las Vegas, NV / Centel Virginia / Bell Atlantic? Washington, D.C. / Bell Atlantic? Kentucky / GTE Austin, TX / Southwestern Bell Olathe, Kansas / Southwestern Bell Los Angeles, CA / ?? (USWest?) Maine / Bell Atlantic? Vermont / Bell Atlantic? Michigan / ?? (Ameritech?) Maryland / Contel/C&P Nebraska / ?? (Ameritech?) Tennessee / BellSouth? South Carolina / BellSouth? West Virginia / Contel/C&P ----------------------/-----------------/ ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Corrections Corrections from NFX #1: The 5ESS switch can run SS7 as well as the DMS switch, with the STP module. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ Editorial "Communication in the 1990's" Well, here we are at the end of the second issue, and before I say anything else I would like to thank all you for an absolutely smashing response. I have gotten as good a response as expected over WWIVnet, and now that we have expanded our contact range I am hoping to get an even better response. We've made some changes to the structure; now that others are writing articles as well, we've put their handles next to the article name. And again, let me say that I will take an article from nearly ANYONE... you don't have to be in SFI, and if you want I will be quite happy to leave out your handle if you happen to be worried about the government. The only catch is that it has to be original. And even if you don't want to write an article, at least write us a piece of e-mail with your opinion and/or let us know about what topics you'd like to see; I'll publish the letter if you want and see if I can find someone to write an article about the subject in question... so go ahead, I like hearing from everyone... In case the question comes up, the New Fone Express is published much like Tap used to be: when we have enough information worth putting out, we will... we try to hold it to a once- or twice- a month thing, though... but, if we are to put stuff out twice a month, we need your info... Speaking of which, in this one we have a great Pick series from Silicon Avalanche and a great chemistry article from Maelmord.. thanks also to Daisy Farmer for linkups. I sincerely hope the electronic edition looks a hell of a lot better this time around... I know it looked pretty bad on the first issue, but that's because I had to move it from WP5.1 format to ASCII, then move it to a Macintosh, then move it to a Commodore... the two middlemen have been eliminated, so this issue should be a LOT cleaner. Also, for those lucky few (as of this point in time) getting our printed edition, you will notice a change in typeface, as in margins... I had so much more to put in than last time, so I rearranged things 'a little...' This issue is over twice as large as #1. And for those of you wondering about columns, yes, I CAN do columns, but I hate 'em! Well, that will just about do it for this issue. "Whatever nature has in store for mankind, unpleasant as it may be, men must accept, for ignorance is never better than knowledge." --Enrico Fermi, 'father of the atomic bomb' and one of my favorites, "It's unbelievable!" --EMF, when the New Fone Express #2 came out Until next time.