Linux User Group of Mauritius Promoting open source software in our beautiful island

31Oct/150

Insecure Internet in Africa & Mauritius

Posted by logan

2 years ago

In 2013, like many Internet Users I was deeply shocked when I learned about the extent of Pervasive Internet surveillance. Countries were monitoring your actions on the Internet, and they were secretly collecting your data. Many Internet institutions took a public stand: https://www.icann.org/news/announcement-2013-10-07-en

Now in 2015

2 years later, despite montevideo statement, Pervasive surveillance is still present. There is little indication that those countries are going to stop. Projects like DNSSEC & PKI(s) to improve the security of the internet are here. However, DNSSEC & PKI solve 2 specific problems. DNSSEC provides an authentication mechanism for DNS. You can have some level of confidence that www.ebay.com is secure when you connect to it via DNSSEC. One of the major limitations of DNSSEC is that the question/response is not encrypted. A 3rd party can monitor my DNSSEC messages, and build a profile about my surfing habits, such as the time I usually check my Bank account.

PKI

PKI can be leveraged by ISPs to prevent accidental or intentional prefixes from being hijacked. The most known incident is when Pakistan Telecom broke Youtube on the whole Internet. However, when we look at the Internet, there are more avenues to make the Internet more secure such as protecting against address spoofing, which is causing routine DDOS attacks to occur against such websites as github. The next question is who is taking care of securing the other bits of the Internet in our region ? How much is Africa investing into not only improving Internet connectivity, but also securing our Internet ? (BCP-38 anyone ?)

Banks in Africa

The local banks are discouraging me from getting my statements via mail. They send it to me by email. However, that email is not encrypted/ digitally signed. My bank is also discouraging me from doing transactions by writing on a paper in one of their offices. They want me to use their mobile application which goes through some secure encryption scheme through a hostile Internet. I poked around, and realised that there are some issues with their security scheme. Can we trust NIST recommendations for cryptography when NIST vetted specifications that contained backdoors ? (URL of a discussion: http://lists.elandnews.com/archive/mauritius/internet-users/2015/06/2128.html)

Everyday habits

A few days ago, Another set of document revealed that the NSA is breaking VPN, SSH and HTTPS on a massive scale (geeky details here: http://thehackernews.com/2015/10/nsa-crack-encryption.html) . Those technologies are those that I use for my banking transactions, and also accessing the office remotely when I need to work. They are also used when I read my mail whether corporate or personal. What's worse is that it's becoming frighteningly cheaper for a small organization to do that thanks to the dropping price of computing power.

What are our organizations doing ?

Isn't it time for our public and private sectors to seriously look into improving the security of our internet that we rely upon daily for doing important things ? What about the Cyber/Internet Institutions that have a mandate and a budget in Africa & Mauritius ?

Filed under: pki No Comments
28Oct/150

Emtel <-> Orange peering problem

Posted by logan

Peering problem again

It looks like peering problem between Emtel & Orange are more frequent than I thought ! With an average of 662ms , this is definitely BAD . A few days ago, I was getting 70ms as average.


ping 41.136.243.249
PING 41.136.243.249 (41.136.243.249): 56 data bytes
64 bytes from 41.136.243.249: icmp_seq=0 ttl=51 time=584.352 ms
64 bytes from 41.136.243.249: icmp_seq=1 ttl=51 time=607.247 ms
64 bytes from 41.136.243.249: icmp_seq=2 ttl=51 time=627.821 ms
64 bytes from 41.136.243.249: icmp_seq=3 ttl=51 time=667.448 ms
64 bytes from 41.136.243.249: icmp_seq=4 ttl=51 time=824.904 ms
^C
--- 41.136.243.249 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 584.352/662.354/824.904/85.746 ms
Filed under: peering No Comments
23Oct/150

Emtel AirBox & Orange latency test

Posted by logan



Emtel Airbox

When Emtel announced their Airbox, I was initially thrilled, like many other Internet Users. A number of people who were very annoyed with Orange, decided to switch, causing Emtel to struggle to cope with the demand.

Orange to Emtel latency test

I asked a friend to give me his Emtel AirBox IP address to test the latency from my ISP to him, and also the other way round.

PING 154.71.9.70 (154.71.9.70) 56(84) bytes of data. 64 bytes from 154.71.9.70: icmp_seq=7 ttl=54 time=31.8 ms 64 bytes from 154.71.9.70: icmp_seq=8 ttl=54 time=12.0 ms 64 bytes from 154.71.9.70: icmp_seq=13 ttl=54 time=18.5 ms 64 bytes from 154.71.9.70: icmp_seq=16 ttl=54 time=10.6 ms 64 bytes from 154.71.9.70: icmp_seq=17 ttl=54 time=16.5 ms 64 bytes from 154.71.9.70: icmp_seq=19 ttl=54 time=13.5 ms ^C --- 154.71.9.70 ping statistics --- 19 packets transmitted, 6 received, 68% packet loss, time 18037ms
Wohoo ! It looks like Emtel and Orange are finally moving to correct the peering issues that I identified earlier. We now moved from 78ms to an average of 13ms from Orange to Emtel Airbox.

From Emtel to Orange

Nishal advised to also test the other way: from Emtel to Orange. I asked my friend to ping my Myt30MB/s IP address. The results are:
ping 41.136.241.246 ping 41.136.241.246 with 32 bytes of data: ly from 41.136.241.246: bytes=32 time=17ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 statistics for 41.136.241.246: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), roximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 17ms, Average = 13ms
Awesome ! We are also getting an average of 13ms from Emtel Airbox to Orange.

Wait a second !

How come we are observing 68% packet loss from Orange to Emtel ? That means that on average, more than 3/5 of the traffic is lost, and eventually re-transmitted. That's bad ! It's killing performance for my friend's Internet Connection. In other words: high loss together can slow down TCP to a crawl.

High latency, and Packet loss is one of the major problems of Internet Users in Mauritius. Emtel should look into improving its wireless coverage to reduce packet loss to at most one tenth for the Emtel Airbox customers to enjoy a decent Internet Connection. I'm also happy to see some action from Emtel and Orange to fix the peering. However, there's still a lot of work ahead of us.

Filed under: emtel No Comments
23Oct/150

Emtel AirBox & Orange latency test

Posted by logan



Emtel Airbox

When Emtel announced their Airbox, I was initially thrilled, like many other Internet Users. A number of people who were very annoyed with Orange, decided to switch, causing Emtel to struggle to cope with the demand.

Orange to Emtel latency test

I asked a friend to give me his Emtel AirBox IP address to test the latency from my ISP to him, and also the other way round.

PING 154.71.9.70 (154.71.9.70) 56(84) bytes of data. 64 bytes from 154.71.9.70: icmp_seq=7 ttl=54 time=31.8 ms 64 bytes from 154.71.9.70: icmp_seq=8 ttl=54 time=12.0 ms 64 bytes from 154.71.9.70: icmp_seq=13 ttl=54 time=18.5 ms 64 bytes from 154.71.9.70: icmp_seq=16 ttl=54 time=10.6 ms 64 bytes from 154.71.9.70: icmp_seq=17 ttl=54 time=16.5 ms 64 bytes from 154.71.9.70: icmp_seq=19 ttl=54 time=13.5 ms ^C --- 154.71.9.70 ping statistics --- 19 packets transmitted, 6 received, 68% packet loss, time 18037ms
Wohoo ! It looks like Emtel and Orange are finally moving to correct the peering issues that I identified earlier. We now moved from 78ms to an average of 13ms from Orange to Emtel Airbox.

From Emtel to Orange

Nishal advised to also test the other way: from Emtel to Orange. I asked my friend to ping my Myt30MB/s IP address. The results are:
ping 41.136.241.246 ping 41.136.241.246 with 32 bytes of data: ly from 41.136.241.246: bytes=32 time=17ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 ly from 41.136.241.246: bytes=32 time=12ms TTL=54 statistics for 41.136.241.246: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), roximate round trip times in milli-seconds: Minimum = 12ms, Maximum = 17ms, Average = 13ms
Awesome ! We are also getting an average of 13ms from Emtel Airbox to Orange.

Wait a second !

How come we are observing 68% packet loss from Orange to Emtel ? That means that on average, more than 3/5 of the traffic is lost, and eventually re-transmitted. That's bad ! It's killing performance for my friend's Internet Connection. In other words: high loss together can slow down TCP to a crawl.

High latency, and Packet loss is one of the major problems of Internet Users in Mauritius. Emtel should look into improving its wireless coverage to reduce packet loss to at most one tenth for the Emtel Airbox customers to enjoy a decent Internet Connection. I'm also happy to see some action from Emtel and Orange to fix the peering. However, there's still a lot of work ahead of us.

Filed under: Uncategorized No Comments
23Oct/150

Mauritius Internet Exchange Point and Our Latency

Posted by logan




What is an Internet exchange point ?


An Internet Exchange Point is basically a busy bus station where all of the island internet traffic meets. I have a friend who lives in Mont Roches, and he lives very close by. We often play Counter Strike or other games. He could be an Emtel customer, whereas I am an Orange customer. It makes no sense for his gaming session to go through Europe or the US, when he is playing against myself. The same goes for me. The Mauritius Internet Exchange Point is where my traffic and his internet traffic can meet other. Instead of going through Europe, his ISP can talk to my ISP through the Internet Exchange Point. The advantage of doing that for Internet Users is that the latency is reduced. The time it takes for his internet traffic to reach my computer is reduced. At least that's how it's supposed to be.


A few weeks ago ...

While doing a latency test from Emtel to Orange, I realised that the latency was almost 350 ms . That's huge for traffic which is supposed to be managed by the Mauritius Internet Exchange Point. In countries like Kenya, The Kenyan Internet Exchange Point can reduce latencies among local ISP to 2-10 ms . 350ms is the latency I usually get from gaming servers in Europe.

I send a mail

Being curious, I write a mail, and I get a reply from one of the members of the Mauritius Internet Exchange Point Association, asking for more technical details.

A few days later ...

I do the same test from Emtel to Orange, and I get 78ms as latency ! That's cut almost to one third. That's reasonable, but in my humble opinion, if Kenyan Internet Exchange Point can get 2-10ms, why can't we get that ? What is the advantage of a very low latency in Mauritius ? Well, we can get fluid experience for gamers hosting Local matches. We can get our viber/whatsapp for people who do voice calls. Below 50ms, Interesting mobile applications for the Mauritian market can hatch. Right now, the voice quality of viber calls is horrible in Mauritius. If we had a local viber node, and latency of around 20ms, we would get great experience talking to another Mauritian on the island.

The future

I sincerely hope that the Mauritius Internet Exchange Point fixes the latency issue. 78 ms is still quite high for Local Internet Traffic between ISPs , where other countries are reaching 2-10ms between ISPs. I'm positive that my dream of improving the Internet in Mauritius is slowly coming reality as many gamers are currently getting better latencies from Emtel Airtel to Orange FTTH, and vice-versa. We can still do better !

Filed under: mixp No Comments
18Oct/150

Extend battery life on Linux with PowerTop

Posted by Ish

One of the greatest fun spoilers when loading your favorite Linux distribution on your new laptop is battery life.

Yes, the battery life that goes upto 4 hours with Microsoft Windows could easily drain down to 2.5 hours with a classic Ubuntu installation. A major argument will be that Linux distributions do not come with optimized under-the-hood power settings. We should not forget that most Linux distributions aim to support a majority of computer hardware out of the box. We are surely happy that we do not need to struggle with hardware incompatibility issues, driver versions etc, as it could be the case with a Windows installation. However, the downside is that the Linux kernel could be bloated with “stuffs” not required for your laptop.

In a recent past there was a tool called Jupiter that allowed some handy power consumption optimizations. The project is now discontinued.

Some claim that TLP which was originally designed for ThinkPads, could optimize power consumption on other brands. I had no such luck with an Acer Aspire notebook.

Recently, I tried PowerTop, a power-management utility by Intel that enables a series of powersaving modes in userspace, kernel and hardware. PowerTop can also monitor and identify applications with a high power demand. I’ve used PowerTop to extend the battery life of my ThinkPad from 3.5 hours to 6 hours; a whopping 2.5 hours gain.

Powertop can be installed from the Ubuntu software repository.

sudo apt-get install powertop

At first run, you need to calibrate it so as it gathers as much information about your machine.

sudo powertop --calibrate

This could take up some minutes and the screen would flicker and even turn off for a while. Do not panic, just let it run and go grab a coffee.

Once done, PowerTop will load with an “overview” of your running applications, their power consumption and battery life estimation. Press the “tab” button to navigate through. The “tunables” tab lists a series of settings that have been applied to your system.

powertop-tunables

After the calibration, PowerTop will have a list of measurements that it could use to tune your system every time you launch it. Therefore, next time you may launch PowerTop as follows:

sudo powertop --auto-tune

Ideally, you could also start PowerTop when the laptop boots. Just add the following in the /etc/rc.local file before the exit 0:

# Loading power-saving schemes
powertop --auto-tune

On that note, happy power saving :)

The post Extend battery life on Linux with PowerTop appeared first on HACKLOG.

Tagged as: No Comments
12Oct/150

How to protect your phone from Stagefright?

Posted by Ish

A few weeks ago, Logan and some fellow geeks had a video podcast about Stagefright; the much feared Android vulnerabilities. News articles around the web have dubbed Stagefright as having the possibility to compromise millions of Android powered handsets. In fact, at the time of writing this blog post many mobile phone manufacturers haven’t yet released updates to fix Stagefright and other reported bugs.

The Stagefright vulnerability was detected and reported by Joshua Drake, the VP of Platform Research and Exploitation and an expert at Zimperium zLabs. To verify if a mobile phone is vulnerable to Stagefright, one may use the Stagefright Detector app by Zimperium INC.

stagefright-vulnerabilities

What is Stagefright?

Stagefright is a group of ‘bugs’ that have been identified and are potentially exploitable in the Android operating system. More information about these vulnerabilities are published under the following CVEs at cve.mitre.org:

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-3864

How does Stagefright work?

The attack happens by exploiting vulnerabilities in the Multimedia Messaging Service (MMS). An attacker can include a piece of malicious code in a video and send the same through MMS. Most handsets have the “auto-retrieve” feature enabled. Therefore, the code gets executed on the phone even if the phone’s owner does not open the message. This happens during the auto-retrieval of the message.

Depending on what sort of code is run, an attacker may get the ability to control the phone, execute commands, copy/delete files, trigger the camera at will etc.

How to protect your phone from Stagefright?

The best protection would come through security patches released by the phone manufacturer. Alas, until that happens, one is left with a vulnerable phone. Therefore, to mitigate a Stagefright attack, one could disable the “auto-retrieve” feature. To do so, navigate to:

Messages > Settings > Multimedia Message (MMS)

Thereby, disable the “auto-retrieve” feature.

stagefright-mms-auto-retrieve

However, this will only “mitigate” the attack. The malicious code does not get executed through auto-retrieval, but it will execute if the message is opened by someone.

To enforce an added security, one may disable the MMS functionality since it is not much a messaging tool used nowadays. To do so, go to:

Settings > Wireless & Networks > More > Mobile Networks > Access Point Names

You should normally find two APNs, one for SMS and one for MMS. I am subscribed to Orange Mauritius and the MMS APN is listed as “MMS Orange”. Once you have identified the correct APN, tap it and scroll down to the “APN enable/disable” option. That’s it. You may disable the MMS APN which will prevent your phone from both sending and receiving MMS.

mms-apn-disable

The post How to protect your phone from Stagefright? appeared first on HACKLOG.

12Oct/150

How to protect your phone from Stagefright?

Posted by Ish

A few weeks ago, Logan and some fellow geeks had a video podcast about Stagefright; the much feared Android vulnerabilities. News articles around the web have dubbed Stagefright as having the possibility to compromise millions of Android powered handsets. In fact, at the time of writing this blog post many mobile phone manufacturers haven’t yet released updates to fix Stagefright and other reported bugs.

The Stagefright vulnerability was detected and reported by Joshua Drake, the VP of Platform Research and Exploitation and an expert at Zimperium zLabs. To verify if a mobile phone is vulnerable to Stagefright, one may use the Stagefright Detector app by Zimperium INC.

stagefright-vulnerabilities

What is Stagefright?

Stagefright is a group of ‘bugs’ that have been identified and are potentially exploitable in the Android operating system. More information about these vulnerabilities are published under the following CVEs at cve.mitre.org:

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-3864

How does Stagefright work?

The attack happens by exploiting vulnerabilities in the Multimedia Messaging Service (MMS). An attacker can include a piece of malicious code in a video and send the same through MMS. Most handsets have the “auto-retrieve” feature enabled. Therefore, the code gets executed on the phone even if the phone’s owner does not open the message. This happens during the auto-retrieval of the message.

Depending on what sort of code is run, an attacker may get the ability to control the phone, execute commands, copy/delete files, trigger the camera at will etc.

How to protect your phone from Stagefright?

The best protection would come through security patches released by the phone manufacturer. Alas, until that happens, one is left with a vulnerable phone. Therefore, to mitigate a Stagefright attack, one could disable the “auto-retrieve” feature. To do so, navigate to:

Messages > Settings > Multimedia Message (MMS)

Thereby, disable the “auto-retrieve” feature.

stagefright-mms-auto-retrieve

However, this will only “mitigate” the attack. The malicious code does not get executed through auto-retrieval, but it will execute if the message is opened by someone.

To enforce an added security, one may disable the MMS functionality since it is not much a messaging tool used nowadays. To do so, go to:

Settings > Wireless & Networks > More > Mobile Networks > Access Point Names

You should normally find two APNs, one for SMS and one for MMS. I am subscribed to Orange Mauritius and the MMS APN is listed as “MMS Orange”. Once you have identified the correct APN, tap it and scroll down to the “APN enable/disable” option. That’s it. You may disable the MMS APN which will prevent your phone from both sending and receiving MMS.

mms-apn-disable

The post How to protect your phone from Stagefright? appeared first on HACKLOG.

11Oct/150

Node.js smart server by Yog Lokhesh Ujhoodha

Posted by Ish

The Linux User Group of Mauritius organized a Node.js presentation yesterday at the University of Mauritius. Logan announced the same weeks ago and the prez was done by fellow Yog Lokhesh Ujhoodha.

The night before I had a “Happy Hour” party with colleagues and consequently Saturday morning left me drowsy. I reached the University of Mauritius before noon and was damn hungry. I was looking for room 2.12 when I met Yog, Logan and Humeira who were chatting near in the corridor. Others were having a casual talk in a smaller room while waiting for another class to be free. We needed the projector and a little bit of electricity to power Logan’s laptop :) The fellow has been doing a nice job by supplying gear for broadcasting the meetups on YouTube and allowing remote participation through Google Hangout. Kudos for that!

Thanks to Veer who was heading for the cafeteria, I asked him to bring me some food too. That saved my life :)

The prez started around 12h30 with a dozen participants in the class and several others through Google Hangout.

yog-nodejs-prez

Node.js presentation by Yog Lokhesh Ujhoodha

lugm-usual-suspects-at-nodejs-prez

LUGM usual suspects :)

Yog introduced Node.js and cleared the myth whether ‘Node.js’ is a webserver. It’s a runtime that executes JavaScript on the server-side using Google’s V8 open source JavaScript engine. I particularly liked the flow of his prez in the sense that he described a problem and what followed was how he would tackle it. Along the way, he gave an overview of web server architectures laying emphasis on multi-threaded vs event-driven; while taking Apache and Nginx as examples.

Yog explained through his code, how he identifies the number of CPU cores in a machine and proceeds with forking of child processes.

var cluster = require('cluster');
var numCPUs = require('os').cpus().length;

if (cluster.isMaster) {
    // fork workers
    var proc = Array();
    for  (var i = 0; i < numCPUs; i++) {
        proc[i]=cluster.fork();
    }
}else{ //forked worker

}

Later on he would explain how he runs the child process on a specific CPU core and thus eliminates delays caused by CPU switching [etc..] which he explained initially when describing webserver architectures. Those who missed the meetup can catch up on YouTube.

As and when Logan would switch to remote participants, Nitin and I grabbed the moment to discuss about his new blog tunnelix.com. I also showed Humeira the Firefox OS running Orange Klif mobile.

While others left after the presentation, some of us headed to Bagatelle Mall for a chill-out moment.

The post Node.js smart server by Yog Lokhesh Ujhoodha appeared first on HACKLOG.

Tagged as: No Comments
5Oct/150

The last day of Infotech 2015

Posted by Ish

On Saturday afternoon Ajay confirmed me he’ll come for the OpenELEC demos at Infotech 2015 the next day. So, I hopped in to help too. Hmm, well, “help” might be a big word here. I was only around on Sunday with my laptop shooting random stuffs and chatting with a few people about Linux as an “everyday” alternative.

I had a nice chat with Riad from the National Computer Board. We also talked about some projects that are in loop where the Linux User Group of Mauritius would benefit from.

The day started shortly after 11h00 for me. Ajay had reached right at the moment when I entered the parking lot of Swami Vivekananda Int’l Convention Centre. The food court was half full as people were still coming in. However, it wasn’t that busy for a Sunday. I felt like previous editions had more people on the last day.

We got the gears ready and Ajay configured his media server to play some videos through the Raspberry Pi while Chris Gunnoo was as excited to demo his robots to the curious visitors.

ajay-ramjatan-infotech-2015

OpenELEC garnered visitors attention

Ajay told me that the day before, after I left, a visitor was particularly interested with the OpenELEC demo. The fellow works as a cook and he was so amazed by the cooking channels that Ajay showed him, he bought a pendrive and asked for a live image that he could use at home. Ajay was happy to provide him one :)

cooking-channel-infotech-2015

Foodcourt refused to sell me Indian curry separately

Around 12h30 I went to have lunch. I bought sandwiches, french fries and a glass of “alouda”. Something interesting happened later in the evening though. I had left Infotech earlier then came back with my mom & auntie in the evening. Mom told me that I could find some vegetarian Indian curry if I’d like. I went there and decided to buy the “paneer curry” only. I asked the lady to sell only a portion of the curry in one of the plastic recipients but as she was going to do so a guy stopped her. I was curiously watching the scene and the guy who appeared to be like a “bossing around manager” tells her to tell me that they cannot sell the curry separately because they will be in short of plastic recipients for other customers. Huh! That was fun because the food-court was 3/4 empty at 18h50. Infotech was due to end at 19h00. The lady was feeling awkward to tell me the reason why she can’t sell one curry only but I had witnessed the scene. I smiled at her and said, “it’s okay” and I left.

Well, that was something I wanted to share in my blog post wondering if other people might have experienced similar situations at the Indian food section of the food-court.

Anyway, back to my story, we’re still around 12h30, I grab my sandwiches, french fries, alouda and reach for a table. All tables were occupied. I asked a gentleman if I could share his table, he politely said I could. I was eating and half-way lost in my thoughts when a guy approached and greeted me. Oh, he apologized for disturbing while I’m eating, that’s courtesy :) That was Suyash Sumaroo from Codevigor Ltd. He shared a stand with Ebène Accelerator fellows in the main hall where he showcased his online service document.mu. We talked about his application and had a quick chat about entrepreneurship and the struggle of start-ups in Mauritius.

When I came back to the LUGM stand I found a mini crowd peeking over the Raspberry Pi.

crowd-infotech-2015

Ajay handled like a maestro. I answered a couple of questions people asked about the RPi, its price, how it is programmed, does it come “naked” as in without a casing etc. Then some familiar faces popped in. They were folks from the University of Mauritius Computer Club.

uom-computer-club-infotech-2015

Later I met Sadhveer and I was glad to hear that her little sister is a Linux user too :)

sadhveer-infotech-2015

Infotech 2015 ended on a good note that the National Computer Board has some promising avenues for future collaboration with the Linux User Group of Mauritius.

The post The last day of Infotech 2015 appeared first on HACKLOG.