Linux User Group of Mauritius Promoting open source software in our beautiful island

26Sep/151

Linux meetup : An introduction to Flask by Avinash Meetoo

Posted by logan

Flask is a web microframework which was created by Armin Ronacher of Pocoo and it is written in python. The “micro” in microframework means Flask aims to keep the core simple but extensible.

Flask is based on MVC Web Architecture which allows you to have models, views and controllers and plugins can be added to make it more powerful. LinkedIn and Pinterest both make use of Flask.
Flask is considered more Pythonic than Django because Flask web application code is in most cases more explicit.

The following code below shows a simple web application which was explained by Avinash Meetoo during the Linux meetup.


from flask import Flask
// First we import the Flask class.
From flask import render_template
// render_template is a function being imported from module flask.
app = Flask(__name__)
// Next we create an instance of this class called app which is basically a controller.
// (__name__)is needed so that Flask knows where to look for the assets like css, js and templates.
@app.route('/')
//Next, we define route for the home of the web application, which is accessed through the url – localhost:5000/
def home():
return render_template(‘home.html’)

// home() is the function that is executed each time a request come to this route (‘/’). In this function, it is going to render a template which is ‘home.html’.
if __name__ == '__main__':
// makes sure the server only runs if the script is executed directly from the Python interpreter and not used as an imported module.
app.run(debug = True)
// Finally we use the run () function to run the local server with our application.

 

“demo.py” was used as the controller to render the template ‘home.html’ .

During this presentation, Avinash Meetoo explained the codes and functionalities that he used when he created a web application for the general elections in 2014. “electionsmauritius.py” was used as the controller to run the application.
Flask is easy to get started with as a beginner because there is little boilerplate code for getting a simple app up and running.
The presentation can be found on the YouTube link below:

 

Summary done by Neha Gunnoo.

 

26Sep/150

Privacy Compliance Assessment in Mauritius

Posted by Ish

Privacy is a subject that is poorly understood in Mauritius. I often see local websites collecting information through contact forms yet having no privacy policy or some times the policy is a mere “copy & paste” without considering compliance as per the Data Protection Act 2004 of Mauritius.

Privacy Compliance Assessment in MauritiusCompliance with the Data Protection Act can be a cumbersome process for many. Some might even ignore it as very few people ever question about privacy in Mauritius. Nonetheless, the law remains the law. To help in making privacy simpler to understand and comply with, several months ago, Nadim Bundhoo, Nirvan Pagooah, Ajay Ramjatan, S. Moonesamy and I collaborated on a project, which we called the “Privacy Compliance Assessment” webapp.

The Privacy Compliance Assessment web application can be accessed at http://www.elandsys.com/~sm/privacy-mu.

As per the Data Protection Act, a “data controller” is a person who either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed.

A data controller needs to make sure that procedures of collection, processing and storage of personal data as set are compliant with the Data Protection Act 2004 of Mauritius.

We’re thankful to the Data Protection Commissioner, Mrs. Drudeisha Madhub and her team, who provided us the relevant information. The Data Protection Office helped us throughout the project with regular reviews and suggesting amendments.

The Data Protection Commissioner accepted our invitation to introduce the webapp and do a presentation during the Developers Conference 2015.

How does the app work?

The application runs on the client side, that is your Internet browser. The assessment takes you through a series of questions that can be answered with a Yes/No toggle button. At the end of the assessment, you’re told whether your organization is compliant with the Data Protection Act 2004. Information that you provide are not sent back to the server. You may run the assessment as many times as you require.

The web application is released under the GNU General Public License (GPL) version 2. You may use the app, modify it and redistribute it as allowed under GNU GPLv2.

We aim to present “privacy” in a simple way and make “privacy compliance” a bit of a fun thing to achieve :)


On 15 May 2014, I highlighted a major privacy breach on the mnic.mu website where personal data collected through Google Forms were exposed on the Internet.

On 1 June 2014, I reported a data leak on the government web portal that affected over 9,000 people.

On 7 July 2014, I presented security flaws on the government web portal that could lead to data leakage.

On 5 October 2014, I wrote about my concerns over the use of Face recognition CCTV cameras in urban areas of Mauritius.

On 3 October 2014, S. Moonesamy reported privacy concerns with konetou advertising.

On 21 September 2015, S. Moonesamy wrote to the Government Online Centre regarding the “privacy policy” of www.govmu.org.

On 23 September 2015, I wrote to the Ministry of Technology, Communication and Innovation, highlighting my concerns as to the collection of personal data through the “login captcha” on the government web portal.

The post Privacy Compliance Assessment in Mauritius appeared first on HACKLOG.

26Sep/150

Opensource Web application in Collaboration with Government Agency

Posted by logan

The Data Protection Office has a self-assessment questionnaire ( http://dataprotection.govmu.org/English//DOCUMENTS/SELF%20ASSESSMENT%20PDF.PDF ) for compliance with Data Protection obligations. Doing such an assessment on paper and evaluating the results can be a cumbersome process.

Subramanian Moonesamy, Ishwon K. Sookun, Bundhoo Mohammad Nadim, Tejas Pagooah and Ajay Ramjatan volunteered five months of time and effort to develop a Privacy Compliance Assessment Webapp in collaboration with the Data Protection Office to make the process as user-friendly as possible. The Web app can be accessed at http://www.elandsys.com/~sm/privacy-mu/

DPO-webapp

 

It is the first time a group of volunteers in Mauritius develop an Open Source Software project in collaboration with a government agency. It was also to showcase responsive web design, i.e. the Webapp looks good on a desktop, tablet or a mobile.

The webapp does not store cookies, nor uses any other web tracking mechanism. Hence anyone who conducts an assessment using this webapp can do it anonymously, without any fear of being tracked.

The webapp is free software and can be freely distributed or modified under GNU General Public License.

26Sep/150

Introduction to Flask

Posted by Ish

On the 14th of September 2015, Avinash Meetoo replied to this email on the Linux User Group of Mauritius (LUGM) mailing list and showed interest in doing a presentation for the next LUGM meetup.

The meetup happened today in Curepipe. I was not able to attend it physically, but thanks to Logan who did the necessary for setting up a Google Hangout session, I joined around 13h00. Shortly after, Avinash started his presentation “Introduction to Flask”.

flask-intro-avinash-meetoo

He welcomed everyone who joined and gave a quick brief about the underlying infrastructure of webapps. I particularly liked the way he explained the model-view-controller (MVC) software design pattern; taking from there he talked about Python frameworks. The popular Django framework comes first, Avinash says. Django should be a powerful framework when a lot is needed for a project, like an interface for backend etc. However, if someone wants a pretty quick setup, say for example a prototype for demo’ing to customers or a small web application, there is this Python micro-framework called Flask that comes handy. Avinash explains why it’s called a “micro” framework; reason being it’s limitation to a subset of functions that full stack Python frameworks would offer. Nonetheless, the functions in Flask are pretty enough for setting up web applications.

flask-logo

Avinash mentioned how he uses Flask in his many projects at Knowledge Seven and how he designed his web application electionsmauritius.com. He and his wife, Christina, came up with an idea about a web application to help Mauritians vote intelligently, two weeks before the General Elections 2014. Avinash then put his genius in the making of the “Elections Mauritius” webapp.

During the presentation, Avinash showed a demo of a simple web application and unveiled the code behind his “Elections Mauritius” web application. The prez lasted for approximately 50 mins including the questions & answers at the end. Those who missed the Hangout session can still catch up on YouTube and once again, thank you Avinash :)


Flask logo used from flask.pocoo.org.

The post Introduction to Flask appeared first on HACKLOG.

Tagged as: No Comments
18Sep/150

Nginx virtual host configuration

Posted by Ish

What is Nginx?

Nginx (pronounced engine-x) is a reverse proxy which gained popularity in the recent years. A lot of people, including me, use Nginx as a web server thanks to its event based multi-protocol support. Nginx supports HTTP and that is what we need to run it as a web server. The strong point of Nginx compared to traditional web servers is that each spawned process of Nginx can handle thousands of concurrent connections. Nginx does not embed programming languages within its own process, therefore all dynamic handling (such as PHP) is done through a backend server. PHP-FPM works great as a backend server to handle PHP scripts.

Nginx configuration

Nginx virtual host configurationBefore we dive into the Nginx virtual host configuration, we might need to grasp a little bit of the basics. The Nginx configuration can be classified in two parts; the directives and the contexts. A directive is an identifier that can accept one or several configuration options. A context on the other hand is a section which may contain several directives. The word “context” is mostly used in the Nginx documentation rather than “section”.

A directive would be as follows:

worker_connections 768;

A context would be like:

events {
    worker_connections 768;
    # multi_accept on;
}

A context may contain one or several directives within curly brackets {}. Directives can be disabled by commenting them with the # symbol.

To define a virtual host in Nginx we create a “server” context. This context will handle configuration directives like the hostname, the root directory etc. A basic virtual host in Nginx looks as follows:

server {
    listen 80;
    server_name mysite.com;
    
    root /var/www/mysite;
    index index.html;
}

The configuration tells Nginx to listen to port 80, handle requests for “mysite.com” and serve contents from the /var/www/mysite directory. The index directive tells Nginx to set “index.html” as the default file to serve.

Backend interaction

There is a sub-context called “location” within the server block. The location context handles URI matching. It tells Nginx what to do when a particular URI is sent by the client. Backend communication happens by sending the request to the backend server once the URI matching is completed and conditions are met. The server context may have server location sub-contexts; as we in the example below:

server {
    listen 80;
    server_name mysite.com;
    
    root /var/www/mysite;
    index index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ .php$ {
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
    }
}

If a URI ends with .php the request is sent to the PHP5-FPM backend server. If a URI does not end with .php the location / is used. Nginx tries to search a file that matches the URI; if that fails, it tries to find a directory of that name and serves the index file. If both fail, the request is redirected internally to /index.php and the request is handled by the backend server.

The post Nginx virtual host configuration appeared first on HACKLOG.

Tagged as: No Comments