Sunday, July 31, 2005

XML Serialization of a record list

XML Serialization only serializes public data, so I wrote a small contact book application that demonstrates serializing collections by creating a couple of records consisting of name and phone number objects and serializing them.
I wouldn't want to define my variables as public, so I defined them as private but exposed them through public properties, in which we could implement value checks etc. I annotated those properties with the [XmlElement] attribute so that each of those properties, when serialized, would become an XML element, as you will see shortly. I did the same with the Name class. Note that you need to define default constructors.

// Namespaces used by the classes in this post.
using System;
using System.Collections;
using System.IO;
using System.Xml.Serialization;

public class PhoneNumber
{
    int _countryCode;
    int _cityCode;
    int _number;

    [XmlElement("CountryCode")]
    public int CountryCode
    {
        set { _countryCode = value; }
        get { return _countryCode; }
    }

    [XmlElement("CityCode")]
    public int CityCode
    {
        set { _cityCode = value; }
        get { return _cityCode; }
    }

    [XmlElement("Number")]
    public int Number
    {
        set { _number = value; }
        get { return _number; }
    }

    public PhoneNumber(int countryCode, int cityCode, int number)
    {
        _countryCode = countryCode;
        _cityCode = cityCode;
        _number = number;
    }

    // Default constructor required by XmlSerializer.
    public PhoneNumber()
    {
    }
}

public class Name
{
    string _firstName;
    string _middleName;
    string _lastName;

    public Name(string firstName, string middleName, string lastName)
    {
        _firstName = firstName;
        _middleName = middleName;
        _lastName = lastName;
    }

    // Default constructor required by XmlSerializer.
    public Name()
    {
    }

    [XmlElement("firstname")]
    public string FirstName
    {
        get { return _firstName; }
        set { _firstName = value; }
    }

    [XmlElement("middlename")]
    public string MiddleName
    {
        get { return _middleName; }
        set { _middleName = value; }
    }

    [XmlElement("lastname")]
    public string LastName
    {
        get { return _lastName; }
        set { _lastName = value; }
    }
}


Then, I defined the Record class that aggregates Name and PhoneNumber. I defined private members for name and phone number and exposed them through public properties, annotated with [XmlElement] attributes.

public class Record
{
    Name _name;
    PhoneNumber _phoneNumber;

    [XmlElement("Name")]
    public Name name
    {
        set { _name = value; }
        get { return _name; }
    }

    [XmlElement("PhoneNumber")]
    public PhoneNumber phoneNumber
    {
        set { _phoneNumber = value; }
        get { return _phoneNumber; }
    }

    public Record()
    {
    }
}


Then comes our top-level class, which I was too lazy to rename from the VS .NET name Class1. I annotated it with the [XmlRoot] attribute to provide a name for the XML root element. Then, on the accessors for the records, I put the [XmlElement] attribute so that the name and phone number elements would be nested inside a Record element and Record elements would be inside the root element. Of course, there can only be one XML root element for a document. I also implemented a get accessor indexer so that you could access collection elements through array-like syntax. The rest of the code isn't too difficult to follow.

// Needs System, System.Collections, System.IO and System.Xml.Serialization
// imported at the top of the file.
[XmlRoot("NameList")]
public class Class1
{
    ArrayList _nameList;

    public Class1()
    {
        _nameList = new ArrayList();
    }

    // Exposed as an array so that each entry is written as a <Record> element.
    [XmlElement("Record")]
    public Record[] Records
    {
        get
        {
            Record[] names = new Record[_nameList.Count];
            _nameList.CopyTo(names);
            return names;
        }
        set
        {
            if (value == null)
                return;
            _nameList.Clear();
            foreach (Record name in value)
                _nameList.Add(name);
        }
    }

    public Record this[int index]
    {
        get
        {
            // Out-of-range indexes return null instead of throwing.
            return (index >= 0 && index < _nameList.Count) ? (Record) _nameList[index] : null;
        }
    }

    public void Add(Record rec)
    {
        if (rec != null)
            _nameList.Add(rec);
    }

    /// <summary>
    /// The main entry point for the application.
    /// </summary>
    [STAThread]
    static void Main(string[] args)
    {
        Class1 oMain = new Class1();
        Name hisName = new Name("Adnan", "Farooq", "Hashmi");
        Name anotherName = new Name("Hammad", "", "Rajjoub");
        PhoneNumber ph1 = new PhoneNumber(92, 21, 888222);
        PhoneNumber ph2 = new PhoneNumber(92, 21, 777333);
        Record rec1 = new Record();
        rec1.name = hisName;
        rec1.phoneNumber = ph1;
        Record rec2 = new Record();
        rec2.name = anotherName;
        rec2.phoneNumber = ph2;
        oMain.Add(rec1);
        oMain.Add(rec2);
        XmlSerializer ser = new XmlSerializer(typeof(Class1));
        // The using block closes data.xml even if Serialize throws.
        using (StreamWriter sw = new StreamWriter("data.xml"))
        {
            ser.Serialize(sw, oMain);
        }
    }
}


I was a bit miserly with comments on this, which is rare. The reason is that I had a couple of other programs to do today, and I also had to do extra time on campus this morning to finish off some unfinished business.
If you're as lazy as I am, or even beat me, which is difficult, because lazy people are too lazy to beat others, just download the source code. I am including the XML file for good measure. Don't blame me for the stupid application, I am a lousy developer.

29 days to go!

29 days left. The countdown continues!

More than just a man

You traveled the world, now you must journey inwards, to what you fear. There's no turning back. Feeling is nothing, will is everything. If you make yourself more than just a man, if you devote yourself to an ideal, you become something else entirely. Are you ready to begin?

Batman begins

Configuring Cisco router through ASP.NET 2.0

OK, so how do you do interactive programming of the Cisco device using the cool .NET 2.0 System.IO.Ports.SerialPort class? Here's a sample. This sample will work with Visual Studio 2005 Beta 2. I built a website project based on the filesystem (i.e., not on IIS or FTP). The web page gives you a dropdown list to choose from amongst COM1, COM2, and COM3, lets you type the enable password in a text box and the command to run. It then displays the result of the command into a label. What you can do with it is only limited by your imagination. Enjoy again!

Mobile Web App to configure Cisco router/switch

Some of my students were working on this project, so I brought home a Cisco 2950 catalyst switch and built on top of the telnet C# library, a mobile web application project, which I have uploaded to my web site. Just download the zip file and uncompress it. The folder MobileWebApplication1 contains the solution file so you can place it in your Visual Studio Projects folder in your My Documents folder and place the folder MobileWebApplication1 inside it in InetPub\wwwroot\. The Telnet C# library is included with the project, so you don't have to download it separately. Enjoy!
This one is a proof of concept for configuring a Cisco router over an IP network. I'll try to upload something that does the same over a serial port soon. I'll probably use VS 2005 Beta 2 to do that, owing to its cool System.IO.Ports namespace.

Saturday, July 30, 2005

30 days to go

The count down continues. 30 days to go.

For those wanting to write a conference paper

Those of you who are wanting to write a conference paper, for SCONEST 2005, for instance, and wondering how to go about writing a paper, I have a presentation on my website that you can use. You can download it in PDF format or in Microsoft PowerPoint format.
You can write a paper about something that you have done, a project, your senior project maybe. You can write a paper about something you have studied from various sources. You can write a paper about something that you are going to do but haven't started. You can write a paper about something that you have done partially and is not yet complete. Good luck!

My website is back

My domain has now been renewed and my site was moved to a new server. The new server seems good enough. You might be interested to know that my presentations for the PDC 2005 sessions that I gave as well as the source code for the demos are available there. Enjoy!

Thank you for your comments that I cherish

I got so many comments and such great comments to my posting titled "Got it!" that I had a very long reply. So, I decided to write a new post with replies to those comments.
Thanks loads guys and girls. I thank those who have posted their comments and those who haven't. You all mean so much to me. It takes a good person to see good in others. It is not me that is good, but you, who see me as good.
Adnan, I understand your feelings, and you understand mine. We make a great team. I have a feeling that some day soon, we'll be working together, and I'll wait for that day anxiously, because it will be source of pride and honor for me.
Faisal, it is an honor and a great source of pride for anyone to know that one has been an inspiration for someone. In fact it is something that people dream of, it is an achievement of a lifetime. It greatly humbles me to know that I have been able to touch someone's life and influence it in such a subtle way. Yes, I hope you'd see me on research journals time and again. Yes, I have a very long way to go. Lots of hard work to be done.
Khurram, it takes a good man to appreciate someone, and I assure you, you are the good man, I am just a guy who's doing his job.
Yahya, I'm glad you feel that way. I wish I could say that I deserved it. I certainly worked hard, but I do strongly feel that the prayers had a lot to do with it.
Nouman, I understand your feelings, but I am certain that I am leaving with several very competent teachers behind. I always want to be different, I want to make a difference, in someone's life, at my workplace. I see several people who will still be here, who want to do the same. I fought a battle, they will continue.
Kanizeh, that is a huge huge thing that you said. I thank you immensely for that. Me, in that league, at this age? That is quite something. I am happy that you and some other people feel that way. My bottom line has always been, I am not doing anything great. I am only trying to execute my job. I feel that as a teacher, it is my responsibility to assist my students in and out of class, with my subject, or on anything else. That is the job duty that I have tried to execute. Quite honestly, and not being humble, I always feel that I have not been able to do that to the extent that I am supposed to. So, I just keep trying my best, without the greed for any rewards. Fortunately, many many rewards have come my way, the greatest of which are the statements like yours and Faisal's that, to me, are greater than the MVP award, greater than a million rupees a month salary, an airconditioned office and a car, greater than anything else. I once again say, it takes a great person to appreciate someone. I am not great, I am not good, it is you who is/are great to see the good in me and not the bad. Thank you all, and know that I am not going anywhere. I am happy to know and say that I will be right here for you, in your hearts and minds, anytime. Just think of me, and I'll be thinking of you. We're inseparable.

Friday, July 29, 2005

Configuring device from serial port in ASP.NET

Well, you could either do that over a DNS name or IP address, for which there are a number of methods as I have already blogged earlier. Otherwise, if you are connected over a serial port, try this, an article by a fellow MVP. Better still, a blog entry by the same guy for working with .NET 2.0.

31 days to go

The count down has begun. 31 days left.

I fall in love over and over

Every time I see her after I wash her and rinse her, I can't take my eyes off her. Sitting there, an object of beauty. I just can't decide whether I love my Nissan more than I used to love my Civic 89. What exactly were you thinking?

This entry rated PG-13

This blog entry is rated PG-13. Don't read it unless you're comfortable with it. I can't help posting on this. Meera just keeps coming on the screen so outrageously in that new Lux advertisement saying "khoobsoortee ka raaz. Janna chahtay hain?" And the way she is in that adv, every single time I see that adv, I fear that she's about to tell the truth. No, no, I don't wanna know the secret of your beauty. I already know it. Since when did we start getting silicone advertisements? What is wrong with our advertising industry?

Another C# Telnet

I found another C# Telnet solution.

I'm a very strange fellow!

Back in 1991, when I was applying for admission to high schools, I had a difficult case because I had been out of country for one year and the board of intermediate education had just recently erected a rule that people who have a gap of one year after their secondary school certificate will not be admitted to colleges on priority. I was determined that I wanted admission at DJ Science College. My percentage was good, but I didn't want to even apply at Adamjee College, which was reputed top in the city at that time. I only applied at DJ Science College. My folks kept asking me to apply elsewhere, but I strongly said, DJ or nothing. In the end, when the merit list was displayed, my name was not there. We were shocked. We went to see the principal and showed him my passport and my marks statement. He was a thorough gentleman and was impressed by my marks statement. He immediately instructed one of the teachers, Mr. Raju Kalip, to accompany me to the admission office and have me admitted immediately. Mr. Raju Kalip is another fine gentleman that I cannot forget not just because he helped me out, but because he was an excellent teacher. He taught us maths with a zeal and excitement that I can't even come close to attaining even when teaching my favorite courses. I heard later that Mr. Raju Kalip had developed diabetes. I hope that he is well, wherever he is.
This time again, for PhD, I only applied at LUMS. There came a moment, when I started thinking, I should've applied to other universities, but alhamdulillah, in the end I not only got admission, but much more. Allah is nice to me. Allah is nice to us all, we just don't notice it.

See, I told you!

See, I told you the wind of change was about to blow! If you don't know what I mean, read my blog entry "Got it!" But the wind of change has only started to blow. There's much more, so just wait and see.

Got it!

I am blogging from a few hundred light years above cloud number nine thousand nine hundred and ninety nine. I received news today of what I had been dreaming of so desperately. I was admitted to LUMS Department of Computer Science and Engineering in the MS/PhD program and have been granted full fee waiver and a monthly stipend. They offer that to the top five candidates. That's quite an achievement. I'm sure you can never understand what or how much it means to me. Just think of it this way. Ever have so much joy that you wanted to cry and couldn't stop crying for a long time?
First position in eighth grade. Highest percentage record at my school in ninth and tenth grade. Second position in my first year at NED University. Assistantship two weeks into my first semester at Wichita State. A freelance software development that gave me so much to learn. Student Activities Committee Chair for IEEE Karachi Section. IEEE Student Branch Counselor at NED University. INETA Pakistan Country Leader. Invited to Dubai twice to attend Microsoft Research .NET 3-day Crash Course, every time with free air travel, five star hotel stay and meals. Invited to Turkey to attend and speak at INETA MEA Country Leaders' Summit. Nominated Secretary IEEE Karachi Section, which I turned down. Elected Secretary/Treasurer IEEE Communications Society, Karachi Chapter. Endless list of praises and appreciations from so many people and platforms. All for an incompetent and incapable person like me. I cannot attribute it to anything but my parents' prayers. And there is so much more that Allah has blessed me with that I can't even begin to encompass. If I would be in prayers for my entire life, I could thank Allah enough for all that I have been given.
Success is a journey and not a destination. This is only the first step to a journey. I have a daunting task ahead of me to live up to the confidence placed in me by the gentlemen at LUMS. My faculty advisor is Dr. Shahid Masud who is a graduate from Queen's University of Belfast. He maintains a home page, too. With teachers like the ones over there, I am ready for action, ready to take on the world.
I pray for strength at this crucial juncture of my life. Pray for me, like you have prayed for me before.

Yea, right!

As I was dialing up to my ISP, I heard tones that indicated a noisy line and an imminent slow connection. When the connection completed, Windows showed me a balloon saying connected at 115.2 kbps. Yea, right! I have a 56kbps modem. Maybe everything goes right together just as everything goes wrong together.

Thursday, July 28, 2005

The wind of change

The wind of change is starting to blow. I have a feeling it is going to be very strong.

Goodness is its own reward

Doing good with the greed of a reward is probably very much like doing evil. Goodness is its own reward. I had this argument with a few faculty members from some so-called universities in Karachi, back in 2003. We were talking about the community activities that I have been involved in for quite some time, and the formidable donations that I had brought to my department at NED University through my networking and efforts. The "faculty" immediately asked me if the university recognizes my efforts. I said, "no, and I don't care." They said, "no, you should care and you should be acknowledged."
I told them and I tell you, I do what is right because that is the thing to do. If you're doing right, that's nothing extraordinary. If you're doing wrong, that should be denounced. It's like if someone returns someone else's lost wallet, the whole thing gets published in the newspapers. Give me a break, he did what he was supposed to do, he did what he should've done. Do you get a reward for working 9 am to 5 pm? No. You get a reward if you work beyond your job description. Well, quite frankly, I've been working beyond the call of duty, but that's because it brings me satisfaction. I don't care about the fact that I earned four to five times less than what my class fellows did.
By our society's standards, I am a nut case. A student of mine, a year or so back, when he noticed how and what I've been doing admitted exactly that. He said, "Sir, you're a nut case." I said, "damned right I am a nut case. And we need as many such nut cases as we can get." If you find any, get me in touch with them.

Wednesday, July 27, 2005

IEEE

My good student Farhan Khan was telling me that at a time IEEE membership specialities expanded so fast from being Electrical and Radio Engineers, that some people joked that it should be called IEEE - Institute of Electrical Engineers and Everyone else.

Traffic blues

Picture this. You're on a single lane road. You come to a "T" where you have to either turn right or left. The road to the left and right is also single lane, with traffic in both directions sharing the lane. You stop behind the car in front of you because there is approaching traffic from the right-hand side. Once that car clears out, you start off turning to the right, and on that god-damned single lane road, there is a car passing you from the right, and a car passing you from the left. That's a god-damned turn, idiots, you're not supposed to pass on a turn. And it's a single lane road, for crying out loud.

Sunday, July 24, 2005

Is there a way out?

So, with all these sarcastic and gloomy blogs and emails from me, is there hope? Is there light at the end of the tunnel? Is there a way out? Yes, there is. And it lies in you, it lies in me, the common man. We must correct ourselves, and the society will improve. We must inculcate in us the desire to change, to improve.
Seen the new pavements built in N.E.D. University? And still I see that people, sometimes including myself are walking on the road, in the middle of the road (I don't do that, though). We are the most educated lot of this country, and our behavior is not indicative of that. Can we correct ourselves? Yes, we can start with small things, like beginning to:
walk on the pavement instead of the road
by not sitting on the stairs
by not standing blocking the corridor
by not shouting out whenever possible
by not littering everywhere but throwing garbage in the dustbin
by not writing on the chair, the wall, the desk, and the computer
by leaving the chair neatly tucked near the desk when we leave the laboratory instead of in the middle of the aisle
by not breaking the plants and instead planting new ones
Sounds easy, doesn't it? That's because it is. These small changes can make a difference. So, don't be part of the mob, be different, be remembered as such. Do something unique, out of the box, do something that is right, not what is considered "cool." Are you with me? Do you wanna start tomorrow? Do you wanna start today? Do you wanna start right now? Let's do it. Let's show the world what we're made of. Let's be an example for the illiterate, instead of following their example.

Of progress and men

"We" had a very interesting discussion yesterday. I said something that I have said often. And it goes something like this.
Governments and bureaucracy everywhere believe in one thing: Status Quo. Meaning, everything remains the way it is. That means no progress. That is true everywhere. If you think that it's different in the west, think again. Progress is driven by the academia and the entrepreneurs in the private sector.
Unfortunately in our case, the academia where there is a desire and action to move forward, there isn't quality intake of students. And where there is quality intake of students, there is lack of desire and drive to progress, there is status quo.
We have to step out of this in order to move forward.
As for entrepreneurs, ours want returns before they make any investment. In progressive nations, there is investment in R&D of a product for years before it bears fruit. To our entrepreneurs, salaries are not an investment, but an expense.

Writing a paper

I'm writing a paper right now about security in Wireless LANs along the lines of the project I've been blogging about. It'll be copyright IEEE if it gets published where I want to submit it, so I can't share it with y'all.

Dreaming in red

Dreaming in red by The Calling

Once upon a time
Somewhere far away from here
I was drowning in a deep sleep
Got no ground beneath my feet
And there's so many faces
I'm New York and I'm Japan
There's so many things that I want to know
But I'll never understand...

Now I'm dreaming in red
Just drifting away
I'm dreaming in red
Come and take me away

I just got to get it right
Before I make it wrong
Cause I'm breaking out and rising up
While the world is falling down...

I see the sun behind the night, sky
One last moment before I say goodbye...

tape 'em

Well, this Friday, we came to know that there were new regulations that the "waaz", i.e., the sermon that is given in Urdu language before the formal "Khutba" of the Jumaa prayer, was not to be done unless it is taped and delivered to the police station afterwards, hence, there was no waaz at our mosque.
There are good and bad points about this. One bad point is that we don't have provision for women praying in the mosques so some ladies did benefit from hearing the waaz from the mosque loudspeakers so that they learn something new every week. Now they wouldn't.
One good point, however, is reduction in noise pollution. I don't mean the traditional meaning of noise pollution, but I'm very concerned about the fact that any tom, dick and harry can put up a loud speaker any time and start howling into it whatever he wants. I'm not talking about mosques here, this is generally applicable to your neighborhood musical party during birthdays, naat competitions, qawwali nights all of which are excellent recipes for ruining people's peace.
All of that might be done in good spirit, but it is hurting the very spirit of Islam of caring about the comfort of the neighbor. Maybe someone is ill, someone needs rest, someone needs to concentrate on studies, maybe even pray. You can't even pray while someone is shouting on a loudspeaker.
In the US, no one could use loud speakers without prior approval, and I never heard anything on a loud speaker. I heard that there was one mosque in Houston, Texas, around which there were only Muslim families and the Muslim families certified that they were all OK with the calling for prayers on a loud speaker, hence the only mosque in the US that has call for prayers on loud speaker.
I wish that something would be done to ban loud speakers on all occasions. If you wanna do a concert, go do it at the creek where no one else could hear it, or maybe in an indoor theatre.

Telnet with C#

Here is a library for doing telnet scripting from within C#

Saturday, July 23, 2005

I have a job too

At times people have told me that they can't do something because they have a job. Yea, right, and I'm supposed to do it because I don't. Sheesh! Others working at non-academic organizations feel that I have a luxurious job, 8:30 am to 3:30 am, summer and winter vacations. Heaven, right? Sure! I leave for work at 7:45 am and if I enter home before 10 pm, my folks offer thanksgiving prayers. All this time I'm out earning money left and right? Not at all. I'm out spending on stuff that I do for others, because of the inward pleasure that it brings to make a difference in others' lives.
Try to leave your jobs and spend a day in my life. Try dealing with 140 students a class, for two classes that you're teaching, and one class that you taught last year, four batches that graduated being your student, who would come down for recommendation letters, advice, discussion, the department's sweeper, the department's electrician, other faculty members with their day to day needs that I'm supposed to take care of, the services department employees who need my advice and signatures when they replace a tube light or a door knob or a water tap based on a written complaint from myself, and the suppliers who are supplying everything from computers to printers, to paper, to tube lights, to electric wires, to furniture, and a few other things for icing on the cake. Not a moment goes by when there is only one thing on my mind, only one person in the queue. Today, after leaving class, I counselled three students within ten steps of walking distance, another five at the foot of the staircase to the laboratory corridor, not to mention those who were waiting upstairs. No wonder I can't make it to class on time. Some people suggest that I should force consultation during designated consultation hours only. But our patients wouldn't understand that. They want it "right now." I'm pushed towards burn out, but since it's not for long, I let it be. But the worst is when all of them minus a couple ask you the magic question, "Sir aap busy to naheen hain?" meaning, asking me if I am not busy. For all of you, know that the true answer is, of course I'm busy, just throw your question and save us both some time. Your questions help me learn, so keep them coming, but be understanding, too.
A certain group of people, when they ask a question, they want the solution, not the path to the solution, which is exactly what Adnan is saying in his posting. They don't want you to tell them a big picture of how things are to be done, they don't even want you to tell them which menu to go to and which option to select and which method to write what code into, they want you to give them the solution. Thank God, none of my students are like that. My students are all smarter than me.
As Adnan said, if you feel that I (we) helped you, if you feel that we did the right thing, do help others. You don't have to acquire a certain status to start helping, you can start anytime.
If you seek help, do your homework. Often people come asking for help when they don't even understand what they are about to do. Fine, no one knows what they are about to do most of the time, but if you want to extract something out of a consultation session, you should read ahead and plan and prepare so that you can actually absorb what is being said. Many times people have come and I tell them what to do and in the end we are still where they started, and they ask me what they should do, I'm like, DUH! That's why, when I give anyone a lot of directions, I pause, repeat my instructions, write them down with numbering and give it to them.

Phew!

Finally, my DS0 is functional again. I'm paying line rent for most of this month without service. They say that the diggers hit the telephone cable. Same old excuse.
Two sessions for INETA Pakistan today. First, Hammad at Jinnah University for Women on Introduction to .NET Framework and then Zeeshan Muhammad with his debut session at NED University on Master Pages and Themes. Both sessions started late but went well. I hope the audience at NED University liked the broasts. The broasts had to be in the boxes for a few minutes which may have caused some deterioration, but I tried to do the best I could do. I hope it ended up well for the audience. There wasn't any left for us in the end, so we had to go out and get some for ourselves. I'm glad we had something of a volunteer force today. I'm hopeful they'll take a lot of load off my back now.

Friday, July 22, 2005

One way of staying ahead

Some people believe that one of the ways of ensuring that you stay ahead is to ensure that others stay behind. Our nation seems to be following the same doctrine.

Wednesday, July 20, 2005

Who am I?

It's not who I am underneath, but what I do that defines me.

Batman Begins

Sunday, July 17, 2005

How to setup a CA of your own

In my efforts to implement a secure wireless LAN, utilizing RADIUS based authentication, I had quick success on username/password based authentication, but we had considerable difficulty getting X.509 certificate based authentication because we were not very well versed on it. Finally I managed to get it done. Here is how. Please know that some of the links would not work because I have not uploaded the files to my web server yet. Please be patient, I'll upload them shortly.

Create your own Certificate Authority

One way to create your own Certificate Authority (CA) is to use the Certificate Services that come with Windows 2000 Server. Having already installed FreeRadius on RedHat Linux 9.0, I decided that we should set the CA up on Linux as well. Well, you could actually set up your RADIUS server on Windows 2000 Server also.
So, the first thing to do to set up your own CA is to install openssl. I installed version 0.9.7a and freeradius 2.0.
While you can set everything up in the directory where openssl is installed, this page suggests that you create a different directory structure, so that it is not affected by any OS updates etc. In my case, openssl was installed in /usr/share/ssl. I took the advice and ran the following commands on the console:

[root@localhost CA]# mkdir /CA
[root@localhost CA]# cd /CA
[root@localhost CA]# mkdir certs
[root@localhost CA]# mkdir private
[root@localhost CA]# chmod 700 private
[root@localhost CA]# echo '01' > serial
[root@localhost CA]# touch index.txt

I copied over a few files including openssl.cnf from the /usr/share/ssl and /usr/share/ssl/misc directories:

[root@localhost CA]# cp /usr/share/ssl/openssl.cnf .
[root@localhost CA]# cp /usr/share/ssl/c_* .
[root@localhost CA]# cp /usr/share/ssl/C* .

You can download my openssl.cnf if you wish, for reference. Having done that, it is also useful to set up an environment variable called OPENSSL_CONF so that the various openssl commands look up the configuration from the file in /CA instead of the usual install location. So, I issued the following command:

[root@localhost CA]# export OPENSSL_CONF=/CA/openssl.cnf

Next, the CA needs a certificate for itself. We generate a server certificate (cacert.pem) as well as private key (privkey.pem) using the following command:

[root@localhost CA]# openssl req -x509 -newkey rsa -out cacert.pem -outform PEM -days 10000 -extensions xpserver_ext
Generating a 1024 bit RSA private key
..............++++++
...++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PK]:
State or Province Name (full name) [Sind]:
Locality Name (eg, city) [Karachi]:
Organization Name (eg, company) [NED University]:
Organizational Unit Name (eg, section) [CISD]:
Common Name (eg, your name or your server's hostname) [Secure Wireless LAN]:
Email Address [linux@linux.org]:

I then copy the private key file to where it is expected to be found, inside the 'private' folder, and save it with a different name, even though this isn't necessary, as this can be changed in openssl.cnf.

[root@localhost CA]# cp privkey.pem ./private/cakey.pem

At this time, it would be useful to look at what we have just produced. You can cat or vi cacert.pem if you wish, but more useful is the following:

[root@localhost CA]# openssl x509 -in cacert.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=PK, ST=Sind, L=Karachi, O=NED University, OU=CISD, CN=Secure Wireless LAN/emailAddress=linux@linux.org
Validity
Not Before: Jul 16 17:12:24 2005 GMT
Not After : Dec 1 17:12:24 2032 GMT
Subject: C=PK, ST=Sind, L=Karachi, O=NED University, OU=CISD, CN=Secure Wireless LAN/emailAddress=linux@linux.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b5:29:bd:88:15:f0:b0:44:35:91:a1:59:e4:a2:
0b:8c:fa:63:05:0e:8c:e7:0b:3c:0f:96:65:fd:ea:
7e:8c:0f:c3:e5:fc:b0:37:bb:71:9e:74:1f:fe:01:
a6:e5:99:df:fe:8f:47:4c:43:ed:98:ca:79:72:58:
39:53:6c:b0:24:69:31:0d:f2:31:e4:f4:1d:3d:07:
71:c2:e6:49:76:3b:f3:22:4e:b6:17:a3:fe:c1:22:
5d:e6:18:fd:18:30:ab:a1:d7:f3:24:c1:7b:f3:77:
c8:41:eb:bc:48:a4:c4:09:c1:df:8a:fc:e9:ca:00:
ff:f7:77:66:86:bf:55:2a:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: md5WithRSAEncryption
3d:d4:6c:45:98:ee:6d:f9:f1:b8:69:c1:29:8e:fb:e9:1f:d2:
5f:ce:07:52:0e:e7:a1:71:4b:53:12:84:e7:79:50:e7:1b:85:
3b:7a:ba:51:82:a4:46:9d:6e:12:fd:15:c8:f0:80:42:a3:21:
78:f8:f4:65:90:cc:2e:86:c4:b2:2b:a1:bc:6d:89:ce:21:c0:
e8:79:a8:b7:ec:0d:69:52:9f:5a:78:9b:80:f4:61:f4:90:6f:
93:68:f7:9f:0c:79:3f:5e:fe:06:2a:bc:e9:4b:1f:95:3d:59:
87:db:5d:94:4a:a9:78:76:5b:ca:6f:ee:24:4a:85:18:bb:da:
95:cd

Cute, isn't it? The next thing we need to do is to find out the hash for this key and create a file with the name hash.0 from a copy of the certificate. How do you get the hash? There is a utility that comes with openssl to do that, called c_hash. I invoked it as follows:

[root@localhost CA]# ./c_hash cacert.pem
8dc69078.0 => cacert.pem

Since my openssl.cnf is set up such that a file with the name hash.0 is expected in the newcerts directory, I do the following:

[root@localhost CA]# cp cacert.pem ./newcerts/8dc69078.0

Note that we could also have created a symbolic link back to the certificate file. Next, being the curious kind, I decided to verify the certificate thus:

[root@localhost CA]# openssl verify -CApath ./newcerts/ cacert.pem
cacert.pem: OK

Great! Now let's give the client a certificate. The procedure is quite similar but this time around, we give a different value for "Common Name." First we generate a certificate request.

[root@localhost CA]# openssl req -newkey rsa:1024 -keyout testkey.pem -keyform PEM -out testreq.pem -outform PEM -extensions xpclient_ext
Generating a 1024 bit RSA private key
......++++++
...++++++
writing new private key to 'testkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [PK]:
State or Province Name (full name) [Sind]:
Locality Name (eg, city) [Karachi]:
Organization Name (eg, company) [NED University]:
Organizational Unit Name (eg, section) [CISD]:
Common Name (eg, your name or your server's hostname) [Secure Wireless LAN]:LaptopNumber1
Email Address [linux@linux.org]:laptop1@linux.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:wireless
NED University []:

Next, we sign it with the CA's key thus:

[root@localhost CA]# openssl ca -in testreq.pem -notext -out testcert.pem
Using configuration from /CA/openssl.cnf
Enter pass phrase for ./private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: Jul 16 17:17:44 2005 GMT
Not After : Jul 16 17:17:44 2006 GMT
Subject:
countryName = PK
stateOrProvinceName = Sind
organizationName = NED University
organizationalUnitName = CISD
commonName = LaptopNumber1
emailAddress = laptop1@linux.org
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
NED OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
BC:D7:6F:77:03:FE:94:88:C5:A2:2F:3C:64:43:6B:4E:D9:8F:A3:72
X509v3 Authority Key Identifier:
DirName:/C=PK/ST=Sind/L=Karachi/O=NED University/OU=CISD/CN=Secure Wireless LAN/emailAddress=linux@linux.org
serial:00

Certificate is to be certified until Jul 16 17:17:44 2006 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Cool! Now we need to put the hash.0 file in the newcerts directory:

[root@localhost CA]# ./c_hash testcert.pem
5bab441e.0 => testcert.pem
[root@localhost CA]# cp testcert.pem ./newcerts/5bab441e.0

Verify:

[root@localhost CA]# openssl verify -CApath ./newcerts/ testcert.pem
testcert.pem: OK

For MS Windows XP, let's convert the PEM file to P12 format.

[root@localhost CA]# openssl pkcs12 -export -in testcert.pem -inkey testkey.pem -out testcert.p12 -clcerts
Enter pass phrase for testkey.pem:
Enter Export Password:
Verifying - Enter Export Password:

And, let's convert the server certificate to DER format:

[root@localhost CA]# openssl x509 -in cacert.pem -inform PEM -out cacert.der -outform DER -extensions xpclient_ext

There you go! Now transfer cacert.der and testcert.p12 over to the client. I used a floppy disk. First on your Windows XP machine double click on cacert.der and click on install certificate. Click next on the certificate import wizard. Click on the "Place all certificates in the following store:" and click on the Browse button that brings up the select certificate store dialog. Select "Trusted Root Certification Authorities" and click OK. You will be notified that the import was successful.

Next, double click on testcert.p12 and click "next" twice. Type your password in the next dialog and click next. Leave the next dialog's selection as is and click "Next" followed by "Finish." You will be notified that the import was successful.
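
The whole procedure above, from directory layout through signing and `openssl verify -CApath`, as a non-interactive script. This is an added example, not the author's commands: demo.cnf, the function names and the subject names are constructed here, and it uses 2048-bit RSA with SHA-256 where the transcripts above show 1024-bit keys and md5WithRSAEncryption, which weak_params flags.

```shell
#!/bin/bash
# Added example. Constructed names: demo.cnf, build_ca, issue_client, cert_sigalg,
# cert_bits, weak_params. Keys are unencrypted (-nodes) only for this scratch run.
build_ca() {                      # $1 = CA directory
    local d=$1
    mkdir -p "$d/certs" "$d/newcerts" "$d/private" && chmod 700 "$d/private"
    echo 01 > "$d/serial"; : > "$d/index.txt"
    cat > "$d/demo.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $d
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
default_days = 365
policy = policy_any
x509_extensions = client_ext
[ policy_any ]
commonName = supplied
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$d/demo.cnf" -extensions ca_ext -subj "/CN=Demo Wireless CA" \
        -keyout "$d/private/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    # Equivalent of the c_hash step: a copy named <subject-hash>.0 for -CApath lookups.
    cp "$d/cacert.pem" "$d/newcerts/$(openssl x509 -hash -noout -in "$d/cacert.pem").0"
}

issue_client() {                  # $1 = CA directory, $2 = common name
    local d=$1 cn=$2
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=$cn" -keyout "$d/$cn.key" -out "$d/$cn.csr" 2>/dev/null || return 1
    openssl ca -batch -config "$d/demo.cnf" -notext \
        -in "$d/$cn.csr" -out "$d/$cn.pem" 2>/dev/null
}

cert_sigalg() { openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm/ {print $3; exit}'; }
cert_bits()   { openssl x509 -in "$1" -noout -text | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'; }

weak_params() {                   # $1 = signature algorithm, $2 = RSA key bits
    case "$1" in md5*|sha1*) return 0 ;; esac
    [ "${2:-0}" -lt 2048 ]
}

ca=$(mktemp -d) && build_ca "$ca" && issue_client "$ca" LaptopNumber1 &&
    openssl verify -CApath "$ca/newcerts" "$ca/LaptopNumber1.pem"
for f in "$ca/cacert.pem" "$ca/LaptopNumber1.pem"; do
    alg=$(cert_sigalg "$f"); bits=$(cert_bits "$f")
    weak_params "$alg" "$bits" && verdict=WEAK || verdict=ok
    echo "$f: $alg, $bits bit RSA: $verdict"
done
```

Running cert_sigalg and cert_bits against an existing cacert.pem gives the two values to pass to weak_params before the certificate is distributed to clients.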

Authentication on wireless LAN working both with Username/password and X.509 certificates

I managed to get everything up and running yesterday. I had to bring some equipment home from the laboratory to implement a full wireless LAN, RADIUS and CA scenario at my place. I got down to work, did a few quick searches on the net, read a few howtos and got everything working. I'll place all the steps that I followed on the blog shortly. My very own howto on CA.

Friday, July 15, 2005

Poised to enter IT business boom

Pakistan is poised to enter an era where we will benefit from a lot of IT related business activity. We don't have consistent electric power, my phone line, which is the tiniest thing that you can imagine for IT, has been down for the last week with no clue as to what is wrong and what is going on, we only have one "real" link to the Internet, which is apparently programmed or scheduled to go down every few months. We're poised to......yea, right, whatever!

The difference between Karachiites and the rest of the world!

OK, ladies and gentlemen, we have a million dollar question here. What is the difference between Karachiites and everyone else in the world? What is one thing that others have and us Karachiites don't? One thing, one word. And I'll answer that question. Trust me, I've travelled, I know for sure. One word: COURTESY.

Tip for car owners

Want to increase the resale value of your car? Want to give it the new car shine, or the new car smell? Want to double the gas mileage of your car while still increasing the whroooom power? Sorry I can't help you with any of those, but I can give you three tips: 1- Keep checking radiator water level, 2- Keep checking and replacing engine oil at regular intervals and 3- Keep checking and correcting battery water level

Livin la vida loca

Ever felt life go crazy? I thought things were roller coastering up to PDC 2005 and life went absolutely nuts, ballistic and berserk on me starting June 23, 2005. It kept getting crazier not even every day, not even every hour, but every minute. Non stop, all the way to July 7. What happened you ask? You have to be kidding, things were happening and changing every minute, how many days do we have between June 23, and July 2? Don't ask me, I couldn't even keep track of what date it was, in fact, I still haven't been able to come to that state of consciousness. So, multiply the number of days by number of minutes, and how can you expect me to remember, let alone write down all that happened?
Things are beginning to pick up pace, here we go again!

Thursday, July 14, 2005

Ode to Karachi Traffic

To all the morons who fit in any of the following categories, I have a message that follows the categories:
- Those who turn right from the leftmost lane
- Those who turn left from the rightmost lane
- Those who recall that they need to turn precisely when the turning is 90 degrees to the right or left
- Those who turn without an indicator
- Those who turn the indicator on after stopping to turn
- Those who drive three feet into the road they want to join, thereby blocking an entire lane, and stay there (you might as well move on because you've already caused the incoming traffic to stop)
- The rickshaw walas
- The minibus walas
- The big bus walas
- The Suzuki pickup which Allah himself has forbidden to drive anywhere but the fast lane and has directed it to drive extremely slow
- The motorbikers whose only working light is the one on their cell phones
- The motorbikers who cut out in front of you on a red traffic light and when it turns green, they put their Harley in gear and it shuts down with you right on her tail
- The motorbikers who insist that you're the one who should be watching, they have the right to suddenly swing from one side of the road to the other as and when they like
- The car drivers who drive into an intersection after the traffic light turns red

I apologise to all Karachi drivers minus the ones that fit in any of the above categories, because, hey, what did you do to deserve to be left out of this list. This list is not comprehensive and exhaustive. If you can't fit yourself into this list, know that there is an implicit "include all" at the end, so don't be sad that you were denied the title that everyone else got towards the beginning of this post. Driving in this city, I wish I were driving a tank.

Wednesday, July 13, 2005

FreeRADIUS EAP/TLS Howto

RADIUS

Turned out that we went with Username/password based authentication in the end. The "start simple" approach always works. While we were having getting the system working as given in the articles, we decided to configure a Cisco Catalyst switch to do Telnet authentication to our RADIUS server and once we were satisfied, we cut open the configuration on the XP box and the access point and got things working soon.

Tuesday, July 12, 2005

What exactly is IEEE membership worth?

Someone I respect very highly mentioned today that someone was asked this question, "What is the benefit of IEEE membership." And he replied, "It's what you make of it."
How true, and how true of membership to all community groups. You can change your life with them, you can change others' lives with them, or you can totally waste your money on it.
So, see the value of networking, see the value of volunteering, see the value of sharing and participate (don't just sit back and receive the magazines that go to your teen dabbay wala before you read them), give value of the membership to others, and get the value for yourself.

Weller boy!

Weller boy, aint nothing does it like this one:

You do something to me - something deep inside
I'm hanging on the wire - with love I'll never find
You do something wonderful - then chase it all away
Mixing my emotions - that throws me back again

Hanging on the wire, I’m waiting for the change
I'm dancing through the fire, just to catch a flame
And feel real again.

You do something to me - somewhere deep inside
I'm hoping to get close to- a peace I cannot find

Dancing through the fire- just to catch a flame
Just to get close to, just close enough
To tell you that

You do something to me-something deep inside

Monday, July 11, 2005

Yea, yea, I know!

Yea, yea, I know they're Azfar and Mani and they have an Orkut community too. So buzz off. What matters is what the message is, not who the messenger is.

Sunday, July 10, 2005

A nation of complainers

I was listening to a program on radio last night. I think it was 103 FM. The program was called Karachi Complaint or something. I must say that the two presenters were quite talented. They were talking in the typical Karachi accent about Karachiites' strange mindset and life style.
They had a very unique way of criticising people's bad habits and mindset. They took a very controversial topic and took phone calls on it. The topic was, if the girls are getting married and sitting at home, why are they studying? First they themselves commented on what some typical responses would be, for instance, it gives awareness etc.
People started calling in. That's what's distinctive about our nation, we are a nation of complainers and we love to talk on issues, but no one has the solutions. We love to talk, though, pretending to be intellectuals. No one cares to do the slightest to make a difference, however. Seen that LifeBouy advertisement that shows a single kid who starts off cleaning the street? That's the kind of people who change the future of nations. Unfortunately for us, there's only one such person in our country and that is that boy who was cast in that advertisement, and even he isn't really that kind, he was paid to pretend to be that way. But that's philosophy!
So, one girl calls in saying that it gives you "broadmindedness." Now these two guys hosting the show are very good. They ask her what is broad-mindedness, and she can't define it. See, we love to talk, even when we don't know what we are talking about. No one has the solutions, everyone loves to talk. Later these guys define broadmindedness as accepting other people for what they are and keeping from poking your nose into other people's business, or something to that effect, which was quite right.
Then there was this girl that said that she wanted to study Nuclear Sciences and she had taken a test at KANUPP's institute. They asked her what she would do, make a nuclear bomb? She couldn't think beyond Hydrogen bomb. We're all like that. That's one of our tragedies, we don't even know why we're doing something. Yet, we try to defend it with lame explanations. The two guys asked her, can Nuclear sciences ascertain a rise for our nation? She said yes, they asked her several other nations such as Sweden have made progress not because of nuclear science. She was stumped.
Then there was this girl who wanted to serve humanity so first she wanted to be a lawyer then she changed her mind to study child psychology and work with some NGO. They asked her what was the guarantee that she wouldn't change her mind again, she was stumped, too.
Then there was this lady talking BS asking all the people with their houses and apartments alongside Shara-e-Faisal to please remove the trash and clutter from their balconies and put plants there because we should give a good image to the expatriates who come home. Yea, right, those expats who come home because they want to buy clothes and shan masalas for a year or two because they cost too much abroad, want to boast about their house and car that they don't own, but have on financing terms, and can't even guarantee that they would live to pay them off. I mean, come on, what is the guarantee that your source of income is constant? What makes you think that you can surely pay the monthly instalment of your car, or your house, or even your credit card? Don't go making lame excuses now, like the ladies on that program. Face it, you're wrong, feel bad about it. Maybe you have no other option, but have at least the conscience not to defend your lame lifestyle.
The guys also talked about girls who wanted to marry the handsome rich guy. They didn't find one for some years, they fell down to the rich guy, not necessarily handsome, didn't even find that, then a few years later compromised to a rich guy even with an acid-accident-face. I wonder what they would compromise to a few years after that.
What I want to summarise here is this: People, shut the hell up! If you don't have a solution, at least don't complicate the problem with your shitty, lame, no good debates. Those who have a solution are already working on it, silently. They don't care to talk about it. Whether they will succeed, or the complainers will get them down like so many others in the past, time will only tell. So stay tuned!

Saturday, July 09, 2005

Indigo again!

I had a couple of partitions on my home desktop for Fedora which I wasn't working on for quite some time, so I thought let's install XP on those to dual boot with my existing Windows 2000. So, now I have a "production" (yea, right) Windows 2000 box, dual booting to my development Windows XP box, which is running much cleaner.
I have Visual Studio 6.0, Visual Studio .NET 2003 installed on it, installed .NET framework 2.0 Beta 2 onto it, took it to the university campus, and installed Avalon and Indigo Beta 1 RC while updating Windows and BitDefender antivirus. I brought it back home and installed Visual Studio 2005 Beta 2 onto it followed by WinFX SDK Beta 1.
I then went back and developed an Indigo service hosted on IIS by going to File -> New Website and then selecting Indigo Service. Having built the service, I ran svcutil against it using the command svcutil http://localhost/IndigoService1/service.svc?wsdl which generated a proxy class and a configuration file.
I added a console application project to the solution, added the two generated files to it, renamed the output.config file to App.config, built the small sample code below and it ran fine.

MyServiceProxy proxy = new MyServiceProxy();
string result = proxy.MyOperation1("My name is ");
Console.WriteLine("The hello service returned: {0}",result);
proxy.Close();

It's nice how easy it is to develop an interoperable service that is secure at the same time. I'll experiment further utilizing gates to enforce access control using credentials and post to the blog later.

Thursday, July 07, 2005

FreeRADIUS and EAP

Read article 1 and article 2 for information about how to setup Wireless LAN security using FreeRADIUS. There's another useful article here.
This is another blog entry which seems excellent as it matches our access point exactly.