Friday, December 31, 2004

End of the innings!

So a long, hard innings finally came to an end. Yep! Fall semester 2004 has finally, finally finished! After freaking us out, after making our days miserable, after messing up with our grades, it has ended. All good things must come to an end, and so should all bad things. And so was this semester. I am grateful it's gone! And yeah! Happy new year to all of you!

Tuesday, December 28, 2004

A new year, a new start

Only the Computer Architecture and Computer Communication exams are remaining. CA is tomorrow and CC is on Friday. And that would be the 31st of December. After that, of course, the new year. And it would bring a new start. A new start for all my ambitions, new commitments, promises. I would try to keep my promises then. I would try to work hard. I would be the real me again. That's a promise, to you, to myself.

Monday, December 27, 2004

Demographics de Orkut

The Orkut people had displayed the demographics of their service, how many people are there, which country has the most users, the age group of most of the users etc. The most users are from Brazil, no sweat in that. Then comes USA, then Iran, then Pakistan. I was astonished to see that Pakistan had leapfrogged into the fourth place over India. When I had earlier seen these demographics India was in the fourth place and Pakistan in the fifth. Looks like Orkutting is a fast growing phenomenon in Pakistan! Most of the users (55.94%) are between ages 18 and 25, 88.69% are interested in friends, while 51.56% are single. A whole 20.75% people decided not to give any answer about their marital status.

Country List:
Brazil 61.99%
USA 10.85%
Iran 7.71%
Pakistan 2.96%
India 2.41%
Canada 1.17%
UK 1.11%
Estonia 1.10%
Japan 0.96%
Germany 0.62%

It's amazing to see Iran and Pakistan have more users than countries like United Kingdom, Japan and Germany. I won't comment about Brazil, it's a large country, with a large population. And it seems its people are really infotech savvy. Same is the case I feel is with Iran. Whenever I search for a technological community at Orkut I am assured to find a Brazilian and an Iranian flavor of that community. Interesting, huh!

Orkut provides an option to provide hometown and an option for location. Now I don't know whether this list is based on the hometown version of the country or the location version. Of course hometown is where you are actually from and location is the place where you are currently at. Maybe they will resolve this ambiguity. You can view the Orkut page here if you have an Orkut account.

Friday, December 24, 2004

The Humanitarian element and AMD 2.4G processor...

I hate to admit it, but it was a really stupid thing to do! At the "Capture the flag" contest, there were an additional 100 points of decryption. There was a message, hosted on a webserver and in encrypted form. The team that would decrypt the message first would get the points. Our bad luck, we couldn't connect to the server. There was some problem, and since we had almost completed our competition, Ali was pressing me to leave the place for home. So we informed the admin, and left our workstation. In the meantime we decided to check on the rest of our teams. Now the sopho guy, who was competing alone, was trying to decrypt this message. Although it wasn't a tough one, I wonder why people didn't get the basic thing. And the winner team also didn't get it! Ali spotted the first phrase, that had to be "Hey,". Now from now on it was an easy ride. The mistake: Ali told the sopho guy the decryption technique, and we were simply robbed of the 100 points. Man! Was I mad at Ali! We could've at least got 100 points yaar! Ali said that it was of no use anyways because we had already declared. Yeah Right! We had declared but we weren't out of the game...! Now I hear today that sopho guy was the runner up, with some hundred and twenty so points. Our 100 points! And he got a brand new AMD 2.4G processor! Duhhh....!!! I hate you Ali!

Thursday, December 23, 2004

Day Two!

I didn't go to PakCon 2004 Day 2. Reason is simple. Management exam is tomorrow, and I simply am not satisfied with my preparation. Besides that, I needed sleep! I was up last night trying to study, and slept at around 0430. Now if I had to go there, I'd have to wake up at around 0730, and then wouldn't have been back till around 1700 or so. And then sleep again, so there was simply no time to study! So I chose the better of it and decided to stay home! Ali didn't go either. I don't know about Talha. He can go since he has got the Marketing exam on Monday. Chilled!

Wednesday, December 22, 2004

So what!

I went to the PakCon 2004 today. They have changed themselves from "Pakistan's first Hacking Convention" to "Pakistan's first Cyber Security Convention". The president, [fz], talked about this paradigm shift, emphasizing that "here in Pakistan" the term "hacker" is often attributed to a cyber junkie with an evil mind and an eye for compromising other people's systems. Hence the shift. However whatever I was expecting about the convention that it might be interesting, on a large scale at least, went down the drain. I realized today that there was absolutely no advertising, no marketing plans, no nothing. Even the Neelum Hall, where this convention was supposed to take place, didn't hold one single banner proclaiming anything that was going on inside. The actual event started at around quarter past ten, almost an hour and a half late. What else do you expect when you live in Pakistan? As usual, the Chief Guest hadn't arrived, and so the proceedings couldn't go on. However there was one interesting lecture titled "Phreaking: Past and Present". This was delivered by Emmanuel Gadaix, an information security and telecommunication expert. It was interesting, covering phreaking from the very basics and early times with blue boxes to the modern, enriching phreaking done with sophisticated equipment and by intelligence agency people. Almost after it began the "Capture the Flag" contest. This had six systems on the network running WinXP with RedHat 6.2 through VMWare. The participating teams had to penetrate the opponents' systems and place flags in their systems. The central server swept regularly checking the services and detecting any flags. The score was based on a combination of strategies. Bottom line: We didn't win but we didn't lose either. We did the decryption that was pretty basic, shifting the letters only 13 places and the decoded message appeared! All under 3 minutes!
Tomorrow is the Wardriving contest, where teams would have to search for wireless access points. The team that detects the most will be the winner. I hope we get the wireless enabled laptop early in the morning tomorrow. You can visit the PakCon 2004 website at http://www.pakcon.org
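The crib step described in these CTF posts (guess that the message opens with "Hey,", derive the shift, apply it to the rest), as an added example that is not part of the original posts. The ciphertext below is constructed for illustration, since the contest message is not reproduced on the page, and the function names are hypothetical.

```python
import string

# Constructed sample: a sentence shifted 13 places. The real contest
# message does not appear in the post.
CIPHERTEXT = "Url, gur synt vf va gur hfhny cynpr."


def shift_text(text, k):
    """Shift ASCII letters k places around the alphabet, keeping case.

    Digits, spaces and punctuation pass through unchanged, which is why
    the comma after the greeting stays visible in the ciphertext.
    """
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + k) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + k) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def shift_from_crib(ciphertext, crib):
    """Derive the decryption shift from a guessed opening phrase (crib).

    Every letter of the crib must imply the same shift, and every
    non-letter must match exactly. Returns None when the guess is not
    consistent with a single fixed shift.
    """
    if len(ciphertext) < len(crib):
        return None
    shifts = set()
    for c, p in zip(ciphertext, crib):
        if p in string.ascii_letters:
            if c not in string.ascii_letters or c.isupper() != p.isupper():
                return None
            shifts.add((ord(p.lower()) - ord(c.lower())) % 26)
        elif c != p:
            return None
    return shifts.pop() if len(shifts) == 1 else None


def decrypt_with_crib(ciphertext, crib):
    """Return the plaintext if the crib fits, otherwise None."""
    k = shift_from_crib(ciphertext, crib)
    return None if k is None else shift_text(ciphertext, k)


if __name__ == "__main__":
    print(shift_from_crib(CIPHERTEXT, "Hey,"))
    print(decrypt_with_crib(CIPHERTEXT, "Hey,"))
```

A shift of 13 is its own inverse, so the same call encrypts and decrypts; a scheme this weak gives no confidentiality once a single word of the plaintext can be guessed.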

PakCon 2004

I have been asked to attend the PakCon 2004 by the university people. It would be held at the Pearl Continental tomorrow and day after, i.e. on December 22nd and 23rd.

The Open Source Saviour!

I have been saved from major embarrassment by Linux. Abbu's got a new computer for himself for working. And I decided that I had to connect the two systems together, creating the home network. It has been a dream. Besides, it would offer a coupla advantages too. First, Abbu's documents are on the old system. That would provide a nice means to transfer his files, rather than saving them on the spare harddisk and transporting across the house. Second, another place from where to get online. Third, try quenching the thirst of knowledge. Well, to move on. I fished around on Windows 98 for any suggestions on this uphill task. I found that to be a cracker with the Internet Connection Sharing (ICS). Cool! And I had two Ethernet cards. So no problem with that. I installed the ICS, and configured it. Now, since my system has two network interfaces, they present a problem. Their names are almost same! One is Realtek 8139(A/B/C) PCI Fast Ethernet NIC and the other is Realtek 8139(A/B/C) PCI Fast Ethernet Adapter. Now, the ICS asked me the interface that was connected to the outer world, i.e. from which I connect to the Internet. How'd I know the difference between their names? I couldn't remember which one was actually connected to the Internet. More specifically, I knew which one was, but I didn't know its name! Holy cow! Anyways I selected the second one (as I felt it must be the one) for the outer world and the first one for my home network. A prompt appeared asking me to restart the system. I clicked No, and promptly forgot all about it. That happened yesterday. Today, when I came back and tried logging in to the network, there was no domain server available. Aaargh! Hell hath no fury like... And then I just accepted it as another feat of my network administrator, and mentally prepared a note to give him a nice verbal beating the next time he comes to me. And then just on a whim I restarted the system to hang out on Linux. And while searching out for some commands.
Out of the blue I decided to telnet into that server (I had forgot that I wasn't on the LAN). And it did! Connected to the server all right. Wow! I had to run an ifconfig to see which ethernet interface it was using. Turns out that on Linux only one interface is configured and that is the old one. Cool, meaning when the system had been restarted while I was away (remember ICS asking to restart the pc?) the settings had taken effect, and the dormant ethernet interface had been asked to connect to the outer world. Good Lord! And then follows the same old story. I cursingly changed the connections and interfaces, and tried to log back in again, and did it log fine. All the more reasons to prefer Linux (just that I couldn't make it browse any sites)!

Monday, December 20, 2004

Squirrel Mail and the curse of Differential

Don't know. The Differential Equations curse seems to be hanging over my head, getting involved in everything. It was Databases & Information Retrieval exam today. Had to go fine, but sadly it didn't. Anyways, the sizzling SquirrelMail story isn't quite finished. I got a mail from the Webmasters chairperson, she thought I was trying to score points on Ayaz Ahmed, which isn't the case at all. Here is the mail:

From : Rabia Sajjad
Sent : 18 December 2004 13:13:16
Subject : security hole

hi yousuf good ya noted da security hole. i noted it too but dint speak up yet coz i thought da whole webmasters shd know it b4 i put it as a qs at any kinda forum.... ya shd have discussed it b4, either at webmasters forum or wid me, and then forwarded it to ayaz. ya c .. vr a team and shd b integrated. b4 saying anything to any1 we all shd know abt it. dont ya think its rite ?? anywayz i appreciate ur observation.

She was mad at me somewhat, but then I mailed her and coalesced into accepting it as it were, I know maybe she had found the problem, or not maybe. I don't care as far as I am content.

Saturday, December 18, 2004

The Plethora of Squirrel Mail Continues...!

I just got another mail from Ayaz Ahmed. He wants us to look at other Open Source email programs. Now we are one big happy open source family! Here is the mail:

Subject: RE: [Webmasters] Security Hole!
From: Ayaz Ahmed
Date: Sat, December 18, 2004 6:57 am
To: Ovais Khan; Webmasters [Khi]; The Webmasters [Khi]
Cc: Dr. Zubair Shaikh; Rashda Mehmood

Pls look for other opensource email servers with web access like ... Qmail, IBM's POSTFIX, Courier-MTA, SendMail, Exim...

Ayaz

PS: Why two mailing groups, thewebmasters and webmasters...

Yeah Right! Let's check some others out. I would suggest going for NeoMail, or Horde. We'll discuss it after the exams. Chao! (duh...!)

The Plethora of Squirrel Mail!

The Security hole seems to have caused a frenzy in the higher echelons of power at the campus. The mail I sent to Ayaz Ahmed had been circulating around the faculty (of course those concerned). He replied to me, and sent it around to a few more people. Here is the reply:

From: Ayaz Ahmed
Sent: Saturday, December 18, 2004 9:53 AM
To: Webmasters [Khi]
Cc: Dr. Zubair Shaikh; Rashda Mehmood; Anwar Ali; Ovais Khan
Subject: RE: [Webmasters] Security Hole!

Thanks Yousuf... And since you are the part of this team... so get over with it after your exams... chao...

Ayaz

Note: Forwarded messages attached.

Ahan! So the mail has been forwarded to the Dean, the Incharge, and the Server Incharges. Quite cool. And then another mail that I got from Ovais Khan, one of the Server Incharges, in response to this possible exploit. Here it is:

Subject: RE: [Webmasters] Security Hole!
From: Ovais Khan
Date: Sat, December 18, 2004 6:45 am
To: Ayaz Ahmed; Webmasters [Khi]; The Webmasters [Khi]
Cc: Dr. Zubair Shaikh; Rashda Mehmood

I would again suggest to have the link to OWA on our main page until the new web access is completely tested as has been the case with previous site. Squirrelmail is a lot CPU intensive and even if 200 or so users are checking their mails, the response time would be pathetic. Also, someone from the webmasters please contact me after papers so we can secure OWA, squirrel mail and forum as none have much password security.

Regards,
---
Ovais A. Khan
Research Officer, FAST-NU

So that's that. Although my angels also don't know what OWA means. Maybe "Old Web Access". Perhaps. But the old one was Exchange Mail Server. Don't know, maybe that's technical jargon. Not for me!

Friday, December 17, 2004

SquirrelMail!

I do not aspire to be a security analyst for web-based media, but I couldn't help the hordes of security holes that I come across very often in different sites. Take, for example, the SquirrelMail server. It takes the username and password fields, and sends them over the connection for the server side script in absolutely unencrypted form! I can see my browser going to the redirected site with my username and password displayed in the address bar!! Phew! We had decided to deploy the SquirrelMail server for the university email access, stripping off Microsoft Exchange Server. But it looks like, unless a correct patch is available, we have to stop the deployment of SquirrelMail. I notified the Incharge via the mail. The mail is reproduced here (although with some modifications to protect the privacy of those involved):

Subject: [Webmasters] Security Hole!
From: "S2114"
Date: Fri, December 17, 2004 1:57 pm
To: "Ayaz Ahmed"

Sir,

The FAST-NU site has been revamped, and revamped for good. The previous Webmasters had decided to do away with the Microsoft Exchange Server and instead bring in the Squirrel Mail Server. The Squirrel Mail had the advantage that it was open source and we could do away with any changes we might have wanted. But recently I found that SquirrelMail has not a secure mode of transmission as it utilizes JavaScript. The problem is that it detects the text in the username and password fields and sends it over the connection absolutely unencrypted for the server side script to work on. In fact, if you look at the address bar of your Explorer while this is signing in, you can see your user ID and password being displayed for the redirection connection to be established. All in unencrypted form. So there is even no need for a packet-capture program like Ethereal to be utilized.

Here is what I found on my system:

[When Redirecting]
http://superway/webmail/src/redirect.php?js_autodetect_results=0&login_username=s2114&secretkey=pa13pc

And when I captured the packet (just for fun!) I found the following results:

GET http://superway/webmail/src/redirect.php?js_autodetect_results=0&login_username=s2114&secretkey=p3apc HTTP/1.0
--Much output omitted--
Host: superway
Cookie: squirrelmail_language=en_US; SQMSESSID=l48f8uu4rh9h0aj0dvoo9besd3

Here is the response:

HTTP/1.1 200 OK
Via: 1.1 SERVER5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Date: Fri, 17 Dec 2004 13:31:27 GMT
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/5.0
X-Powered-By: PHP/5.0.2
Set-Cookie: SQMSESSID=l48f8uu4rh9h0aj0dvoo9besd3; path=/
Set-Cookie: key=%2Fpi95TId; path=/webmail/

Keeping in the spirit of security tradition I have not yet discussed it with the other members of the Webmasters. I had tried to access the SquirrelMail web site but it seems to be down. So would you suggest using any other open source email program that can be deployed on our servers, or a patch or something that can be installed for this security hole. We have to act quickly before the mainstream people find it out. The new FAST-NU site features the SquirrelMail email server.

Regards

Look there! There goes my password for all to see! Let's see what our esteemed Faculty Incharge has to say about it. Nobody knows about it yet! And I am not gonna tell anyone! ;)
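A defender-side check for the exposure described in the mail above, as an added example (not code from the original post or from SquirrelMail): it scans request lines from a capture or access log for passwords carried in the query string and produces a redacted copy of each URL. The parameter name `secretkey` is taken from the redirect URL in the post; the other parameter names, the hosts, the function names and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as secrets. "secretkey" is the name visible in
# the post's redirect URL; the others are common names assumed here.
SENSITIVE = {"secretkey", "password", "passwd", "pwd", "pass", "token"}

# Request line as found in a capture or access log. The target can be an
# absolute URL (proxy form, as in the post's capture) or a bare path.
REQUEST_RE = re.compile(r"\b(GET|POST|HEAD|PUT|DELETE)\s+(\S+)\s+HTTP/\d\.\d")

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    "GET http://mail.example.test/webmail/src/redirect.php"
    "?js_autodetect_results=0&login_username=user1&secretkey=EXAMPLE-ONLY HTTP/1.0",
    '10.0.0.5 - - [17/Dec/2004:13:31:27 +0000] "POST /webmail/src/redirect.php HTTP/1.1" 200 512',
    '10.0.0.7 - - [17/Dec/2004:13:32:02 +0000] "GET /webmail/src/login.php HTTP/1.1" 200 2048',
    '10.0.0.9 - - [17/Dec/2004:13:33:40 +0000] "GET /app/reset?user=a&Password=p%40ss HTTP/1.1" 302 0',
]


def credential_params(target):
    """Names of non-empty sensitive parameters in the target's query string."""
    query = urlsplit(target).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE and v]


def redact(target, mask="REDACTED"):
    """Copy of the target with sensitive values masked, other pairs kept."""
    parts = urlsplit(target)
    pairs = [(k, mask if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan(lines):
    """Report every request line whose URL carries a secret in the query."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        method, target = match.groups()
        names = credential_params(target)
        if names:
            findings.append({"line": number, "method": method,
                             "params": names, "redacted": redact(target)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A secret in the query string is also written to browser history and to the logs of every proxy on the path (the response in the post carries a `Via` header), so the fix is to submit the login form with POST over HTTPS rather than only to mask logs after the fact.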

Google sucks bad! (contd.)

I didn't mean to continue my last post, but I forgot another of Google's blunders: The Gmail. Yes! I don't know whether this happens with the rest of the world, but it sure happens with me. Just last night when I was done with my last post, I decided to check on my Gmail. I didn't leave Gmail out intentionally from the "Google sucks bad!" post, but I just forgot. And then there it was reminding me of how can I leave it out! I usually have to try five or six times to login. And when I do login, checking a mail or jumping back to the inbox is no less than a nightmare. The mail signs me out! And then the same plethora of signing it in again, which doesn't take less than five attempts! Frustrating! And then they ask you to change your browser. Talk about tough times. I wonder why other email services, news groups that use javascript don't get any problem like that? Like MSN, Yahoo, hi5 etc? Is it the curse of Google? I don't know. I want to find out.

Thursday, December 16, 2004

Google sucks bad!

Okay okay! All right. I know most of the guys are big time Google fans, but still, it sucks real bad when it comes to things other than search engines. For example, take Orkut. A nicely designed forum that is expanding like anything. But then, it's just expanding. It's expanding without any regards for minimizing the response times, user frustration and site management. How many times have you encountered the "Bad, bad server" error? Countless times, right. Most of the times the system signs me out when I try to add someone. Now what. And the most frustrating of it, I try to paste a scrap, and "The page not found" error smacks right into my face. And just when I refresh it, the scrap is pasted then. Now there is this Blogger. Taken over by Google from some small company. But it has the most of the problems in logging in. If you have Javascript enabled, then it just might work fine. Blogger Help folks describe this as a problem with the browser. Here is what they say in that regard: Clear your cache. Delete your Blogger cookie. Check your Cookie settings. Check your JavaScript settings. Quit your browser and restart it. Use another browser. I do that all (without the last one), and still the same problem. The final resort? I restart my system. It then logs on. But still there is another problem lying ahead. If you just close your browser without signing out, and for some reason you want to go back to your account, what do you do? Don't point your browser to blogger.com, no, restart your system. Because if you try to signin again, you will get bounced back and back again to the login prompt. Reason: your browser does not retain your login information correctly. And then there is the problem with the main Google site. With the regional sites, like Google in the countries, the pages don't appear correctly. Why is it so? Why is every problem related to Google? Is it so because a cook can not make too many broths at once?
With Google, Orkut, Blogger; is it so that Google really can't manage them all? I don't know. I don't care. I do care about the service. I do care about the sites running smoothly and without giving me any headaches. That's what I want. If Google doesn't provide me with these, I am better off to other providers!

Webmasters! (contd..)

From: Rabia Sajjad <****@y...>
Date: Wed Dec 15, 2004 8:29 am
Subject: Re: [thewebmasterz] Website Review!

awrite
pic : i agree we'll replace it as soon as we get a better 1, most probably provided by om1 or yousuf.
committees : it was meant 2 b Committees ... newayz good pointings.
labs : content incharge .. ya forgot linux lab, provide da complete contents .. but after finals, don worry for now.
footer : can consider them too.
good reviewing yousuf xpecting good work from ya in future

Phew! That was close! Finally the *new* Webmasters are starting to get comfortable with my way of working. I was feeling bad, couldn't do the work they had assigned to me. Primarily, because I had loads of assignments, quizzes and demos on my neck. Secondarily, the PHP guy didn't coordinate with me, maybe because he didn't know! Anyways, now they are happy with me, and I am happy with them. The new Intranet site is good, though with some shortcomings (that I had pointed out earlier). But overall it's a nice effort, and finally Ayaz Ahmed is content with Webmasters (because he had chosen this new committee himself!). Here is the mail he sent to the Webmasters:

From: "Ayaz Ahmed" <ayaz.ahmed@n...>
To: "'Rashda Mehmood'" <rashda.mehmood@n...> "'Webmasters [Khi]'" <webmasters.khi@n...>
Subject: Keep it up -- Now build upon this
Date: Wed, 15 Dec 2004 09:57:04 +0500

http://mycampus -- Impressive! Congratulations Ms. Rashda, Rabia, Tafseer and the whole team...

Ayaz

So that was it! Everybody is one big nice happy family! The rest of the work is postponed till after the finals! And did I tell about the Differential paper? All the more reasons for me to hate Dr. MI! He's such a nerd! It was such a lengthy paper. And of course not for me. I couldn't complete most of the questions. Poor me. I just hope I don't flunk in it. Help me O God!

Wednesday, December 15, 2004

WebMasters!

Okay I reviewed the site. Looks great. My opinion is just that we change the blue wala image in the background. Reason: Too many people have seen it already, if that is in place, wouldn't feel like we have revamped everything. Regarding reviewing the website and checking the "broken" links, I have yet found everything in order. Nice work on that regard.

Logged in on the libms ver 1.3.8! It logged in nicely, just another prompt appeared besides the login to xeon prompt, that was from my firewall. I don't see any reason this should be invoked. Anyways, Library first page is nice, but then, it seems that it was supposed to be in the center of the screen somewhere. And it is floating somewhere to the left of the center. Maybe it should be on the top, like the subsequent library pages are. And I don't know what's the difference between Virtual Library and Main Library. Still when I try to "Enter the Main Library" the LibMS application encounters a Runtime Error. Acha still I don't think we have the concept of a CSS being applied in the libms site. Or CSS isn't compatible with ASP? (Yet I don't think so). This is because the first page has text in Times New Roman (imagine that) and the subsequent pages are in Verdana. Just that for the library CSS should be applied for all text in one font and the content should be aligned either on the top or at the center. And last but not the least, shouldn't WebMasters be credited too on the library page?!

Time table wouldn't work besides the first page. Means it doesn't bring out the real time-table, as somebody had pointed out earlier.

Committees/Communities: What is it exactly? Communities or Committees? And we are Webmasters, not Webmasters's. And then there should be some space (vertically) between the committees descriptions. Sorry for diverting to design fundamentals here but I think it is a necessary component of successful web development.

Lab Introduction: We're missing the Open Source (Linux) lab. Isn't it a vital and refreshing addition to our campus?

Contact Us: Where did the Shah Latif Campus come from? Or was I ignorant all along! I heard it was Main Campus or Karachi Campus.

The last thing, we need some space again between the last spacer bar (the blue one) and the tag text and webmasters logo. And it would look good if it appears in the center, like the Powered by Interact appears in the Forum. And the top navigation bar is redundant when we have it in the left pane. It could fit in if we put it in the bottom of the page.

Phew! So that was the complete review/checking/design tutorial of our internet/intranet website. I hope our people like it! Nice work folks, though I wasn't of much help. I'll sure be available for any (and every) thing after the finals. That's my promise to all of you, especially Tafseer, Yamin and Rabia! Visit the web at http://202.83.175.146/

Saturday, December 11, 2004

More tension, more Pepsi!

Good News! The Computer Communication paper got rescheduled! Now it will take place on December 31. Phew! I was soo nervous about it. Actually the DE and CC paper were consecutive. And I was thinking that the CC paper will get fu**ed because of DE. I hate Differential. I hate Dr. Mumtaz. Won't teach anything intelligible and then gives most awkward questions in the mids. Anyways now I'll get almost a day to study CC, I'll score nice in it, I'm sure! Finally I am getting nice hits! Thanks to all of my visitors, thanks to you. But I would appreciate if you could leave comments.

Thursday, December 09, 2004

The End is near...!

Jeez! Don't worry! I am not trying to act like a seer. It's just that the end of the semester is near. And that means the finals are near. Right around the corner. I can look at 'em. See, see, there they are! Lol! Exams start from Tuesday the 14th. First is Differential Equations, and then, on the very next day, is Computer Communications! And they are insisting on covering the whole course for CC. Talk about nerdy heads! After that on Monday is Databases, and then Friday Management and finally on Wednesday we get Computer Architecture. The schedule is pretty cool except the DE and CC papers. God help me with these two.

Sunday, December 05, 2004

Ahoy AD!

Talk about spending a hundred-fifty bucks and getting absolutely kachra in return. Yes! Kachra! Scum! Oh my God! The food was pathetic, and it was short too! Just imagine, a thousand people and no food. It was an awful scene. Aaroh was there but some miscreants (read losers) cut off the power supply to their system thrice. Talk about creating impressions. I don't think they will want to be back here.

Friday, December 03, 2004

Annual Dinner

So tomorrow is Annual Dinner. The only event held (almost) regularly at FAST-NU Karachi Campus. And with some dignity. The last one was held in May 2003, that was during the semester break. EP performed live then. Aaroh will be performing tomorrow. There is another upcoming band called Inertia that will be there today too. Hope it is good. I don't know about the other universities but we are being charged Rs. 150 for the entrance ticket. I feel it as a bit of a burden as to the university students shouldn't be charged any money for such events, especially when DECS gets such a large amount of budget. Couldn't the DECS people along with the university bear just one event's burden? Conspiracies galore! As yet of today I haven't got the money to support my Annual Dinner saga. I don't know if I'll be going tomorrow or not. Let's see it there and then.

Thursday, December 02, 2004

Linuxed!

Been off for too long? Well, I was Linuxed. The Computer Communications assignment turned out to be a piece of cake. Just had to make a PC a router and then to route packets through it. Easy, isn't it? Yet nobody had a clear cut idea of what had to be done until today. I was linuxed the whole day yesterday; and today. Strange, it's just a phase. You are just linuxed, like you are astonished, or flabbergasted, or disgusted still. The sudden explosion of Linux on this scene of our batch has left many a mixed feelings. There are those who complain about its lack of user-friendliness. Then there are those who just want to get the work done, and finally there are those (like me) who actually feel powered and sustained by that console window. Yer, I feel a certain thrill in it. Back to serious stuff now. I installed RH 9 today. Finals are starting (probably) from December 13. I'll get back to my preparations later. I still have to work up on Differential.