Linux User Group of Mauritius Promoting open source software in our beautiful island

17Jul/140

LibreSSL – DEB package for Ubuntu

Posted by Ish

Earlier today, Logan posted on Mauritius Internet Users discussion list about LibreSSL availability for non-OpenBSD platforms. I had a look at the LibreSSL homepage and definitely you cannot miss the winking LibreSSL Portable notice.

I downloaded the source & compiled it on my Ubuntu 14.04 64bit machine. All went well, fired up terminal to check the version, it showed LibreSSL 2.0.

LibreSSL-2-0

The source files can be downloaded from OpenBSD repository.

As for those who want to be spared from compiling I made a DEB package for 64 bit systems. Please try LibreSSL & report any buggy feature you come across to the developers, typically our local BSD developer Logan.

Update

Those wishing to compile, it takes a couple of minutes. Extract the source as follows:

tar zxvf libressl-2.0.2.tar.gz

Enter the libressl-2.0.2 and do:

./configure --prefix=~/LibreSSL

Add the –prefix if ~/LibreSSL is the location where you want to install LibreSSL. Then do:

make && sudo make install

That being done, you may check your LibreSSL installation as follows:

~/LibreSSL/bin/openssl version

Have fun, folks!

The post LibreSSL – DEB package for Ubuntu appeared first on HACKLOG.

Tagged as: No Comments
5Jul/140

Raspberry Pi Party!

Posted by Ish

As planned with folks from JCI City Plus, today we met to further brainstorm the Raspberry Pi (RPi) project we’re currently collaborating on. A few months ago, Nitin Bachraz and Asha Auckloo got in touch with me informing of the project, which should comprise of an educational platform built-on RPis.

Yog, Veer, Nitin & I, went for the RPi thrill today. A geek lab was set up at the home of one of the JCI folks. Some cool peeps there. We were welcomed with juice, tea, biscuits and I took the black-coffee-no-sugar as usual. Aww! It might sound weird but Yog asked for hot water instead.

We had some quick chats, checked the RPis & verified everything we needed. Earlier during the week I downloaded Raspbian but the RPi packs already came with SD-Cards loaded with NOOBS. Great! It spared me the time to dd the Raspbian image.

What is a Raspberry Pi?

RPi-logoThe Raspberry Pi is a low cost, credit-card sized computer that plugs into a computer monitor or TV, and uses a standard keyboard and mouse. It is a capable little device that enables people of all ages to explore computing, and to learn how to program in languages like Scratch and Python. It’s capable of doing everything you’d expect a desktop computer to do, from browsing the internet and playing high-definition video, to making spreadsheets, word-processing, and playing games.

RPi-1

RPi-3

Nitin intrigued by the size of this marvel

RPi-4

RPi-2

RPi-5

An improvised geek lab was set up

RPi-5

RPi-10

Raspberry Pi desktop

RPi-7

RPi-8

RPi-12

RPi-15

RPi-13

RPi-11

A fultu day with huge laughs, farata jokes & meeting cool people. Hopefully, we should meet again in around two weeks to finalize the collaborative project between JCI City Plus and Linux User Group of Mauritius.

The post Raspberry Pi Party! appeared first on HACKLOG.

5Jul/140

Raspberry Pi Party!

Posted by Ish

As planned with folks from JCI City Plus, today we met to further brainstorm the Raspberry Pi (RPi) project we’re currently collaborating on. A few months ago, Nitin Bachraz and Asha Auckloo got in touch with me informing of the project, which should comprise of an educational platform built-on RPis.

Yog, Veer, Nitin & I, went for the RPi thrill today. A geek lab was set up at the home of one of the JCI folks. Some cool peeps there. We were welcomed with juice, tea, biscuits and I took the black-coffee-no-sugar as usual. Aww! It might sound weird but Yog asked for hot water instead.

We had some quick chats, checked the RPis & verified everything we needed. Earlier during the week I downloaded Raspbian but the RPi packs already came with SD-Cards loaded with NOOBS. Great! It spared me the time to dd the Raspbian image.

What is a Raspberry Pi?

RPi-logoThe Raspberry Pi is a low cost, credit-card sized computer that plugs into a computer monitor or TV, and uses a standard keyboard and mouse. It is a capable little device that enables people of all ages to explore computing, and to learn how to program in languages like Scratch and Python. It’s capable of doing everything you’d expect a desktop computer to do, from browsing the internet and playing high-definition video, to making spreadsheets, word-processing, and playing games.

RPi-1

RPi-3

Nitin intrigued by the size of this marvel

RPi-4

RPi-2

RPi-5

An improvised geek lab was set up

RPi-5

RPi-10

Raspberry Pi desktop

RPi-7

RPi-8

RPi-12

RPi-15

RPi-13

RPi-11

A fultu day with huge laughs, farata jokes & meeting cool people. Hopefully, we should meet again in around two weeks to finalize the collaborative project between JCI City Plus and Linux User Group of Mauritius.

The post Raspberry Pi Party! appeared first on HACKLOG.

12Jun/140

LUGM Saturday meetups. What do the geeks do?

Posted by Ish

Mid-year 2013, I used to shoot about Linux mini-meetups on facebook, then they became LUGM meetups, all planned for Saturdays over an exaggerated intake of coffee. In the beginning, we would be like 3, 4, maybe 10 people attending. However with successful events like Linuxfest & Corsair Hackers Reboot, having more than 10 people in nearly every meetup was like normal.

Yet from time to time people shoot me questions about what do we do or talk about during those meetups? Some ask if they can attend even if they are still in college, while others fear they are still novice in Linux. I’ve made a colorful answer to these questions (^^,) … Enjoy it!

lugm-meetup-what-we-do


Images, courtesy of Google image search.

The post LUGM Saturday meetups. What do the geeks do? appeared first on HACKLOG.

Tagged as: No Comments
12Jun/140

LUGM Saturday meetups. What do the geeks do?

Posted by Ish

Mid-year 2013, I used to shoot about Linux mini-meetups on facebook, then they became LUGM meetups, all planned for Saturdays over an exaggerated intake of coffee. In the beginning, we would be like 3, 4, maybe 10 people attending. However with successful events like Linuxfest & Corsair Hackers Reboot, having more than 10 people in nearly every meetup was like normal.

Yet from time to time people shoot me questions about what do we do or talk about during those meetups? Some ask if they can attend even if they are still in college, while others fear they are still novice in Linux. I’ve made a colorful answer to these questions (^^,) … Enjoy it!

lugm-meetup-what-we-do


Images, courtesy of Google image search.

The post LUGM Saturday meetups. What do the geeks do? appeared first on HACKLOG.

Tagged as: No Comments
8Jun/140

Linux Mint 17 “Qiana” Cinnamon – Installation #1 fail

Posted by Ish

Two days ago I tweeted I’m downloading Linux Mint 17 “Qiana” Cinnamon. A first trial was scheduled for the week-end. I pulled out the HP Compaq laptop.

First things first, need to make a Live pendrive.

linux-mint-17-live-usb

Next thing, booting the laptop with the pendrive. All is clear. No glitches, boot time is decent enough. The desktop looks like nothing new though. So, I didn’t explore much & dived straight for an install.

LM17-install

Aww! That is mom’s laptop running Manjaro Linux. I bargained it with another one running SUSE Linux Enterprise. She’s happy with that for the moment.

I did the usual partitioning with a swap, a root and a home partition. Installation was proceeding smoothly. Four minutes into copying files & BOOM! Ubiquity shoots an error.

LM17-Qiana-install-error

The error indicated there could be problems with the installation media, which in this case would be the pendrive. The Live pendrive creation process had completed without errors and I had no reason to doubt any problem coming from there.

Could the problem come from a corrupt download? I checked the md5 hash, which should be 1c3fef2117fad9c9bc905abdeb474ac1 for the 64-bit version as published on the Linux Mint 17 download page.

LM17-md5sum

Aaargh! They match. By this time, I was already feeling hungry & I didn’t have energy to look into the installation errors. Mission abort! Installation #1 fail!

Also, while I had to copy the screenshots on another pendrive, it looks like automount went nuts.

LM17-automount

I manually mounted the pendrive & copied the screenshots.


I’ll try the installation afterwards & still if errors persist, I’ll file the bugs with relevant information.

The post Linux Mint 17 “Qiana” Cinnamon – Installation #1 fail appeared first on HACKLOG.

Tagged as: No Comments
8Jun/140

OpenSSL: More vulnerabilities, CVE-2014-0224

Posted by Ish

Earlier today, Logan, posted on the LUGM facebook group that he has created a online tool (still in beta) that would test if your server is vulnerable to yet another vulnerability that has been recently discovered in OpenSSL. This particular vulnerability is known as CVE-2014-0224.

For Internet users in general let’s see what is a CVE. It’s a short form for Common Vulnerabilities and Exposures. MITRE Corporation maintains a list of these vulnerabilities and they are tagged with CVE identifiers in the following format:

cve-explained

Mitre Corporation describes the vulnerability as follows:

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the “CCS Injection” vulnerability.

A quick chat with Logan & he confirmed me that the current Injection Tester by NCC Group is not reliable. He tried to contact the author but to no avail. Finally, he decided to write a tool. He coded the back-end and S. Moonesamy (SM as we call him) wrote the front-end. SM also provided hosting for the tool, through his company Elandsys.

The SSL Injection Test is available here.

To note, this tool as various other Security Audit tools are not to be used for malicious ends. The tools are made available for security testing purposes. The authors can’t be held responsible for unlawful, unethical or inappropriate use of the tools.

I tested a few websites which I’ve worked on, all good, while some other local websites not good at all.

Screenshot of the tool

ssl-injection-test

If you find your server as vulnerable & you require expertise to patch it, you may contact S. Moonesamy. He’s a good old fellow who has been contributing in the industry & worked closely on the security aspects of Internet.

Logan has alerted Google, Yahoo, Youtube and Ebay.

I sent an email to CERT-MU (Mauritian National Computer Security Incident Response Team) notifying them of the same.

I should also highlight that OpenBSD developers including Logan, are currently fine-tuning LibreSSL (an OpenSSL fork) and many security fixes have been brought including CVE-2014-0224 being patched. Please support the good work of these fellows by donating to the project.

Note

This tool like several others available on Internet, gives you a first indication about your OpenSSL vulnerability status. They may however show up false positives at times. The tool is mostly suitable for a quick check by those who do not have access to the servers. As for sysadmins having access, they may check their OpenSSL version manually & compare with versions that are affected by this vulnerability.

The post OpenSSL: More vulnerabilities, CVE-2014-0224 appeared first on HACKLOG.

Tagged as: No Comments
1Jun/140

A growing FOSS community in Mauritius

Posted by Ish

As shot on facebook during the week, a bunch of geeks met yesterday for a random meetup. Aww! Not so random as I proposed to discuss Bug Reporting. Let’s see how the day unfolded.

It’s Saturday, as usual I would wake up late. One of the reasons why I don’t like meetups to start early. I reached Bagatelle at 11h30 and on the way, Jagveer & Yuram called to enquire if we are coming. Once there I rushed to Vida e Cafè where meetup was scheduled. It was in fact scheduled in a fun way this time. 10h00 – 12h00 (or till location is overtaken by a penguin army) at Vida e Cafè, then lunch time we should move to Burger Perfect.

lugm-vida-e-cafe

Who made it?

Jagveer, Yog, Yuram, Yudish, Shamsher (Luffy), Chelon, Nitin Mutkawoa, Pritvi, Mirza, Selven, Logan and me.

Latecomers aren’t in the photo above ( :

As we had coffee, we shot a first string of discussions over recent happenings. Web Security being the top priority, I informed folks about the upcoming meetup and asked them to subscribe to the LUGM mailing list (if they haven’t done so) for updates. We discussed the importance of bug reporting and how it helps make future releases more pleasant. It also puts Mauritians in the forefront as contributors to the global open source community.

Around 13h00 we moved to Burger Perfect. We ordered food, drinks and plugged laptops on power, along with the free wifi (courtesy of Burger Perfect).

lugm-meetup-burger-lunch

lugm-meetup-bug-report

ubuntu-mauritius-220Since we had Internet connection, I was able to do a quick tour of Launchpad, showing how bug reports are filed for Ubuntu & various applications. We browsed the bug tracker page and had a look at some bug reports, brainstorming on the kind of information that one should include when submitting a bug report. As it happens, I had a bug concerning Ubiquity Installer to report. Unfortunately, I forgot the netbook on which the bug occurs, otherwise we could have reported the same together. I also showed folks our Ubuntu Mauritius LoCo Team page and explained the advantages of having Ubuntu users joining and contributing to the community via this channel.

Logan & Selven joined us a while later. Nitin grabbed this opportunity to shoot his BSD related questions at them. In fact, Nitin has been tinkering a lot on GhostBSD these days. I hope some cool stuffs will show up on his blog soon.

Some photo highlights
lugm-burger-perfect-4 lugm-burger-perfect-2 lugm-burger-perfect-3 lugm-burger-perfect-1 lugm-burger-perfect-5 lugm-burger-perfect-10 lugm-burger-perfect-11

I was also expecting some folks from JCI (Junior Chamber International) to meet us. We’re at the moment trying to find a common platform for a Raspberry Pi project they have started. Within LUGM & MSCC we could have the resources they need to make the project a success. I’ll send details about the project on the LUGM mailing list, so those who wish to contribute can follow the discussion there.

Discussion with JCI folks
lugm-burger-perfect-6 lugm-burger-perfect-7 lugm-burger-perfect-8 lugm-burger-perfect-9

Later in the afternoon, geeks decided to settle discussions over beer. We moved to Flying Dodo and continued the usual talking.

lugm-flying-dodo-1 lugm-flying-dodo-2 lugm-flying-dodo-3 lugm-flying-dodo-4 lugm-flying-dodo-5 lugm-flying-dodo-6

Aww! Beer was soothing & helped calming the neurons. We didn’t realise we stayed there till night & had dinner.

Some were having good time while others having a good laugh

lugm-flying-dodo-7
lugm-flying-dodo-8

The post A growing FOSS community in Mauritius appeared first on HACKLOG.

Tagged as: No Comments
17May/140

OpenBSD and the little Mauritian contributor

Posted by Ish

OpenBSD! I recall it as the blowfish photo someone stuck on the whiteboard during the times I was working at Linkbynet. I had no BSD hands-on-experience before that although I knew about it. My first OpenBSD proper introduction was given by Ronny at Linkbynet when I questioned him about the Blowfish photo.

openbsd

That’s where the story began. He told me about Logan (Loganaden Velvindron) and while I still wasn’t a member of the Linux User Group of Mauritius at that moment, I recalled Logan from a previous Linux event at the University of Mauritius where he did a presentation on SQL Injection. Logan has been a contributor to the OpenBSD project since 2010. I was today wondering to write an article on Mauritians contributing to the global open source community, Logan, our BSD fellow, fits in well.

Flashback…

Logan started sending patches for the mg editor to the OpenBSD developers back in 2010. He also wrote a patch for a USB keyboard to work with OpenBSD. Coincidentally, he also was in search for a firewall and load balancer for work purposes. OpenBSD has PF (Packet Filter) and this made very much sense to Logan.

openssh-300As a meticulous developer Logan was picky about projects. In 2012, he needed a topic for the university final year project. Topics provided by the university didn’t really suit his taste and he decided to adventure on his own. He started working on a secure file transfer protocol modeled after SFTP. He spent some time studying the the SSH code and design documents. He then came up with the idea to implement SFTP resume support for download and upload. Now, his project had it but OpenSSH didn’t. That’s another turn in the adventure.

Logan strongly advocates the development cycle as followed by OpenBSD developers and in his own words he describes the experience as follows:

OpenBSD has a developer tree, where developers work on the next version of OpenBSD. OpenBSD insists that code committed to the developer tree should always be able to compile. Broken code isn’t accepted. In turn this enforces strong discipline, and peer review of patches, something that other open source projects lack (sadly).

Working with developers around the world is a fantastic experience. I get to learn about their country’s culture, cuisine, sports, and language. We have IRC-like meetings, and we use mails heavily. My inbox generally has around 40-50 mails daily, that I need to go through.

From time to time, we organise developer focused events known as hackathons, where we put groups of developers in a room, and we basically hack intensively on parts of OpenBSD.

The face-to-face meeting allows us to move faster for improving patches.

bsd-loganaden-velvindron

Logan during his trip to Morocco while hacking the OpenSSH & IPv6 code. Oh, he’s holding the water bottle while Theo de Radt (founder of OpenBSD) stands on the right.

IPv6

Logan advocates the adoption of IPv6, since we’re everyday running out of IPv4 addresses. He shows concerns that the slow adoption of IPv6 is severely hampering the global growth of the internet.

LibreSSL

LibreSSL is a fork of OpenSSL that aims to provide a secure & reliable SSL toolkit. The fork was triggered by the advent of the Heartbleed bug which drew much criticism. At the moment a lot of effort is being made by OpenBSD developers to re-engineer the code-base. Logan has fixed a few memory allocation issues but he argues more needs to be done.

Lastly, I asked Logan if he’d agree to mentor the young fellows wishing to contribute in open source projects, to which he agreed certainly. He encourages Mauritians to try fixing bugs that affect them, get in touch with developers of the various projects and discuss the issue with them, follow their instructions and help them in making the software better.


Work Life

Loganaden Velvindron is a young fellow who works as a junior systems engineer at AFRINIC. AFRINIC is the organization that manages the allocation of IPv4 and IPv6 in the African region, and also, ASN allocation. AFRINIC sponsors some of Loganden’s open source work, and they have a long term vision of the internet for the african region, which aligns with some of his ideas.


Show your support

OpenBSD, OpenSSH, LibreSSL, among other cool software that come from the hacker-labs of the OpenBSD Foundation are products of creative ingenuity & hard work. Developers with some real passion for coding spend hours, days, months and years fine-tuning the code that assures you a reliable & secure usage. Should you wish to thank these fellows for their good work, please donate to the foundation for the good code to keep coming (^^,) …

OpenBSD and OpenSSH images taken from openbsd.org and openssh.com respectively.

The post OpenBSD and the little Mauritian contributor appeared first on HACKLOG.

10May/140

LUGM Meetup @ Pizza Perfect

Posted by Ish

As announced on Facebook earlier this week, we had a LUGM meetup today at Pizza Perfect. Scheduled to start at 11h00 but I woke up late. I end up missing the bus. The next one came 30 mins later & was damn slow on the road. Could I complain? Nope! So, I’d better listen to the Bollywood playlist on Kindle.

Ajay & Jagveer called me and I assumed others reached Pizza Perfect while I was still on way. Indeed, when I reached there around 12h05, a small team already was enjoying lunch with no pizza on the table. Aww! For once, I joined in to have a burger lunch too. A perfect vegetarian burger.

lugm-meetup-10-may-2014-burger

Today’s Geek Team

Jochen Kirstaetter & the kids, Nitin Mutkawoa, Shamsher Khudurun (aka Luffy), Jagveer Loky, Ajay Ramjatan, Ibraahim Atchia, Ashley Babajee, Nayar Joolfoo and me.

We had lunch & discussed random topics till 13h00. Afterwards we looked at the LUGM agenda. We started with handling of membership applications. I had quite a bunch of application forms to hand over. Since the secretary couldn’t make it today and we needed to find a novel method to store member details, Ajay volunteered to do this. I also had to handover membership fees from a few new members to the treasurer, that is Ajay. That made us discuss the future of LUGM as a growing community in Mauritius. We exchanged a few words about MITIA (Mauritius IT Industry Association) and the upcoming ProIT 2014 Conference.

lugm-meetup-10-may-2014-4

Don’t know if it was shooting against sunlight or the rainy weather that got me dark pictures.

lugm-meetup-10-may-2014-2

Next we had a lengthy discussion about LUGM website revamp. Ajay proposed having a team assigned with different roles, such as webmaster, maintainer/developer, content writers & editors. Everyone pretty much agreed on this. Initially I didn’t want to be in the web team as I rather wanted to direct resources to the Magazine idea. As it happens though, magazines look like an old-fashioned artifact. I changed my mind and joined the web team. Nayar and Nitin volunteered as well. In fact, Nayar also volunteered to put some energy into reviving the LUGM forum as he has some experience writing plugins for MyBB.

While the discussion was still ON, Nitin & Luffy helped Jagveer load Kali Linux onto his laptop. The new recruit was happy.

Ajay tossed the topic on communication channels. The LUGM mailing list looks like an obsolete tool for communication. I agreed as most of the emails go unanswered or might get a response only weeks after. We discussed on the possibility of automatically posting announcements to various social network channels. As of today we have a Facebook group, a Google plus account and a Youtube channel. We intend to set up Twitter and Linkedin accounts and interconnect them.

We also discussed about revenue possibilities through the LUGM website. Ajay showed us the traffic stats of LUGM website. Our jaws dropped!! Nayar & I, simply couldn’t believe those stats. They’re some great revenue potential for the association and the website revamp could make all this happen naturally. Ronny joined the discussion through Skype and shared his views regarding the website revamp.

lugm-meetup-10-may-2014-5

Lastly, I opened discussion about Ubuntu Mauritius. I explained how it came to my mind putting energy in the Ubuntu Mauritius group which exists since 2011. I’m spending much time working on Ubuntu and CAE Linux (based on Ubuntu 12.04) these days. It makes it easier for me advocating the same and answer questions that are directed towards the project. I could thus help other Ubuntu users & enthusiasts guiding them into bug reporting and doing advocacy on their end. Nayar already has a project that could end up being the first package under ubuntu-mu PPA.

lugm-meetup-10-may-2014-1

Meetup ended around 15h30 on a happy note with quite a huge list of tasks ahead.

The post LUGM Meetup @ Pizza Perfect appeared first on HACKLOG.