VaibhaV Sharma

life @ vsharma . net

Author: VaibhaV Sharma (page 2 of 25)

Is the new iPad Pro worth your money?


Is the new iPad Pro worth your money? Maybe, Maybe not.

I don’t know. But thanks for clicking through to read this post. 🙂 Who am I to tell you if the new iPad Pro is worth your money or not? It is your money and it is for you to take that decision, maybe based on the classic “Need vs. Want” analysis. But why would you go through that? You know you don’t “need it” but you do “want it”. Right?

That point aside, just like Bollywood movies, there exist two dozen formulas for post titles that are recycled as “new and informative material”.

Like these –

  • 5 reasons why you should buy an iPad Pro
  • 5 reasons why you should not buy an iPad pro this holiday season
  • 10 reasons why Apple is doomed
  • 10 reasons why everyone is losing to Apple

Some of them do have interesting content, but the title and the tone of these articles are so generalized that they do not apply to everyone and do not make sense in the larger context.

I used to ignore them, but with such titles sprinkled all over the web, you do sometimes fall into the trap, end up reading through and then crawl out disappointed.

Try these google searches and see for yourself. Some interesting patterns emerge –

And my recent favorite –
5 Reasons Why People Who Cry A Lot Are Mentally Strong

To think of it now, I did read some of these formula articles and was mentally stronger every time. Thank you for reading through this one.

BTW, I do “want” and have 5 reasons for the iPad Pro this holiday season. 🙂


Exchange ActiveSync – iPhone – Why certificate lookups don’t work?

If you handle any kind of confidential material on your work email (most of us do), encrypted email is a must to ensure confidentiality and security of the material being moved around.

Warning: This is a long text post with lots of tech details. No pretty diagrams this time.

Other than the proprietary solutions for intra-company encryption, there are only a few “open standards” that two random organizations can use to exchange encrypted emails. S/MIME is one of the popular ones. If your organization already uses appropriate certificates for user authentication (Wi-Fi, 802.1X, disk encryption, etc.), enabling email encryption could be a simple matter of configuring the email client to use that cert for S/MIME email encryption.

Assuming all that is set up, an email sender still needs the intended recipient’s “public key” before an encrypted email can be sent. That can be exchanged manually using “signed emails” between two users, but it is a headache for more frequent certificate exchanges.

That is where enterprise directories like “Active Directory” can help. With Microsoft Exchange being one of the most popular email infrastructure choices, it is easy to publish all user certificates to the corporate directory. That way any MS Exchange compatible client can look up recipient certs while composing an email.

Microsoft Exchange can be accessed using a variety of client protocols. Most of those protocols expose similar interfaces and provide almost the same functionality from an email client’s perspective. The difference is in the transport protocol structure in use. These client protocols also provide the ability for the email client to “request recipient’s email certificate” on the fly.

So, publish each user’s cert with Active Directory / Exchange and the problem is solved, right? Not quite so.

For Microsoft’s own email client options (Outlook, etc.) that use EWS to talk to the Exchange CAS (Client Access Server), the cert lookup process works fine. Microsoft even has an IE ActiveX plugin to enable S/MIME on “Outlook Web Access”.

The problem currently exists with clients that use the Microsoft ActiveSync protocol to access Exchange services. If you configure Apple iPhone or Android Touchdown apps for Exchange, they use ActiveSync instead of EWS. The ActiveSync protocol provides API calls (ResolveRecipients) to fetch a recipient’s email certificate. But when the client makes that call, the CAS ActiveSync process is unable to fetch the cert and returns a negative response.
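To make that negative response easier to recognize when debugging, the sketch below (an added example, not code from the original post or from Microsoft) classifies the per-recipient certificate result in a ResolveRecipients response that has already been decoded from WBXML to XML. The sample response and addresses are constructed, `cert_lookup_report` is a hypothetical helper, and the element names and Certificates status values are taken from the MS-ASCMD specification and should be checked against the protocol version in use.

```python
import xml.etree.ElementTree as ET

NS = {"rr": "ResolveRecipients"}  # ActiveSync code page name used as XML namespace
# Certificates/Status values per the MS-ASCMD specification (assumption: verify
# against the protocol version your server speaks).
CERT_STATUS = {
    "1": "certificate returned",
    "7": "recipient has no valid S/MIME certificate",
    "8": "global certificate limit reached",
}

# Constructed sample of a decoded ResolveRecipients response. Addresses and the
# certificate body are placeholders, not captured traffic.
SAMPLE_RESPONSE = """\
<ResolveRecipients xmlns="ResolveRecipients">
  <Status>1</Status>
  <Response>
    <To>alice@example.com</To>
    <Status>1</Status>
    <Recipient>
      <EmailAddress>alice@example.com</EmailAddress>
      <Certificates><Status>7</Status><CertificateCount>0</CertificateCount></Certificates>
    </Recipient>
  </Response>
  <Response>
    <To>bob@example.com</To>
    <Status>1</Status>
    <Recipient>
      <EmailAddress>bob@example.com</EmailAddress>
      <Certificates>
        <Status>1</Status><CertificateCount>1</CertificateCount>
        <Certificate>PLACEHOLDER_BASE64_DER</Certificate>
      </Certificates>
    </Recipient>
  </Response>
</ResolveRecipients>
"""

def cert_lookup_report(xml_text):
    """Return {email: (usable_cert, reason)} for every resolved recipient."""
    report = {}
    for rcpt in ET.fromstring(xml_text).iterfind("rr:Response/rr:Recipient", NS):
        email = rcpt.findtext("rr:EmailAddress", default="?", namespaces=NS).strip()
        certs = rcpt.find("rr:Certificates", NS)
        status = certs.findtext("rr:Status", default="", namespaces=NS).strip() if certs is not None else ""
        count = len(certs.findall("rr:Certificate", NS)) if certs is not None else 0
        fallback = f"unexpected status {status}" if status else "no certificate data in response"
        # Only status 1 with at least one Certificate element lets the client encrypt.
        report[email] = (status == "1" and count > 0, CERT_STATUS.get(status, fallback))
    return report
```

Running it against responses captured for the same recipient from different clients shows whether the server resolved the address but withheld the certificate, or returned no certificate data at all.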

We first came across this issue several years ago and after extensive online search and forum posts, concluded (like others) that this was an Apple iPhone Mail issue and kept cursing Apple for it. We also kept testing it with every iOS release with no success. The logic there was that if the fetch worked for EWS clients, ActiveSync should have the same result as it is the same CAS server.

But that was an incorrect assumption. Well, the issues are specific to each client. After hours of debugging, educating (yes) MS support engineers on S/MIME, here is the current summary –

For ActiveSync Clients (Apple iPhone Mail / Android Touchdown) –
The issue is with Microsoft ActiveSync Server – documented here.
Client Cert Request to CAS

CAS (ActiveSync) Response to Cert Lookup Request

For Apple Mail – OS X (uses EWS)
The problem is with Apple Mail trying to use Keychain to look up certs instead of the EWS protocol. Keychain lookup does not work for OS X versions before El Capitan. It works on El Capitan only if the machine is joined to the Windows domain and directory lookup is enabled on Keychain. This is not a practical solution if the OS X client is roaming outside the corporate network with no LDAP access to the GAL / domain controllers to do a cert lookup query.

Outlook Mac 2016 (Latest version)
S/MIME cert lookups stopped working from version 15.11. Anything between 15.3 and 15.10 still works. This is a known issue with MS dev teams with no specific fix date.

Update: To get this to work, add the intermediate CA + the root CA cert chain to all EWS servers. Without that, if the EWS server is unable to validate the cert chain, it will silently ignore received certs.

CQ WW DX 2015

It's that time of the year when amateur radio frequencies light up like a Christmas tree on the air. Pretty much every kHz of the popular bands (20m, 40m) is occupied with voice recorders spewing out CQ/QRZ calls from contesting stations. Other bands are busy too depending on propagation and conditions.


And then there are a few regular rag chewers (group chat types) trying to weather the onslaught of busy bands and talk at length as usual. Occasionally, a contest station would wander around, end up transmitting on their frequency and be given a piece of their mind by the rag chewers. Fun to listen in.

It's all quite remarkable actually. Most contacts last not more than a few seconds, enough to exchange information for the contest log book. First of all, for the uninitiated, amateur radio contesting is all about making as many “contacts” as possible in a short period of time. Points are earned based on how many continents, countries, areas, etc. you make contacts in and then the number of those contacts. There is a long list of contests that happen every year.

If you get into contesting seriously, it is an excellent way to learn about and optimize your antenna and radio setup for optimal performance. With the equipment all set, one would need to come up with a strategy of what bands to operate on and during what time of the day/night. That is based on propagation data. Propagation data is available from various sources and also has translated versions like this –

Once equipment is set up and the propagation-based strategy is set, then comes the workflow of how you run the equipment. There are various categories of operation like SO2R – Single Operator 2 Radios. Combine that with the type of modes one can run the radios in – CW (Morse Code), Packet Radio, SSB (Single SideBand – Voice).

Yes, it's not just about talking to random people anymore. It's a sport. A Radiosport.

I need to fix my home shack antennas and try contesting from home sometime. Here is a video of an operator handling a pileup (tens of stations trying to contact YOU). I have done a bunch of these as well for W1AW/6 and it's a lot of fun –

Website Resurrection – 2015 Edition


Going through the painful process of bringing this site back online. There are 500+ historical posts. Where did all that come from?

A few years ago, I imported all my old posts dating back to 2001 from (Remember? Yeah!) before deleting that account. I read through a lot of those entries and decided to make all of them private to avoid public embarrassment. 🙂

Managed to clean up the theme, comments, some security related items and a bunch more. Flickr is another pain in the bleep to deal with. That will take some more time to sort out.

Will chip away at it.

Back Online!


Working on bringing this site back online from the archives. Cleaning up content, code and layout.


© 2021 VaibhaV Sharma
