Linux User Group of Mauritius Promoting open source software in our beautiful island

23May/160

Developers Conference 2016, day 3 with openSUSE bug hunting

Posted by Ish

I had my «openSUSE bug hunting» presentation scheduled at 09h30 this morning. I’m usually very lazy on Sundays but the enthusiasm of the Developers Conference is just an amazing feeling. Though we live on a small island, we get to meet some people maybe just once a year during this fun event. I picked up Shelly on the way and we reached Voilà Hotel at 09h05. Right at the hotel entrance Yash was waiting, he might have seen us coming. We went upstairs chatting and met JoKi. My presentation was scheduled at the Accelerator and I thought I’d just go and test the gear. Aargh! The TV had only HDMI cable and my ThinkPad had VGA & a Mini DisplayPort. That said, I needed an adapter. Joffrey who came around greeting everyone had a HDMI to VGA cable, which he lent me. At that same time JoKi also came with a Mini DisplayPort to HDMI convertor. Great! Then I had an adapter plus a backup.

I mirrored my laptop display and checked if everything’s fine. All good and it was 09h30.

Developers Conference 2016, openSUSE bug hunting

Thank you for the photo, Shelly :)

However, folks were still coming, so we thought let’s just wait till 09h45 giving a chance for others to arrive. Indeed I started at 09h45 sharp with a 3/4 full room and just a few minutes later it was «house full». That was great and a true encouragement though a Sunday morning.







Thank you for the (re-)tweets folks. :D

I chose the title of my prez «openSUSE bug hunting» from a blog post I wrote in 2013 while running «release candidates» of openSUSE. Starting the presentation I spoke about how some folks might organize special events working to hunt and find bugs, while some bugs we just encounter when doing regular tasks. What do we do when we find one of those bugs? Do we just ignore and think, «it’s just an error, nothing more», and we continue work? Do we search on the internet whether others encountered similar errors and if there is a fix? Few people ever consider filing a bug report through the right channel, unless it’s just a «button» away like some applications (e.g web browsers) offer.

Bug reporting most of the time require some information gathering from the system; that is where I took the presentation. Before diving further into the system though, I opened a few bug reports from openSUSE Bugzilla to show as example. I also gave a quick overview of the openSUSE Build Service and openSUSE Connect. That helped show the audience how to find package maintainers and get information about official and non-official packages.

I did not have slides; but I rather fired-up an openSUSE Vagrant box inside which I had setup an environment for demos. The rest of the «talking» happened within the Vagrant box. We looked at how to obtain system information using command-line utilities and from the /proc fs. Next we looked at digging for application error info in log files. We played with systemctl and journalctl which gave us clear and concise information about application states. We then queried using rpm and its various options to get as much information about packages that we can use when filing the bug report. At that time an openSUSE user from the audience said we can also use zypper to search for installed packages on the system. Yes, indeed, but rpm -qa | grep php shows no clutter compared to zypper se php. I however grabbed the opportunity to tell the audience that folks having a «debian lifestyle» can still type aptitude equivalents to search and install packages from the command-line; thanks to the «zypper-aptitude» compatibility scripts written by Bernhard M. Wiedemann.

All while we continued digging for application errors and how to search and sort things from the logs; I did a quick demo using Nginx and PHP-FPM.


We talked about the need of default configuration files after installing PHP 7 and that such changes need to be addressed with the «openSUSE factory» guys.

It was near 10h30 and Jeshan signaled me that the next speaker had already come. I asked for a last 5 mins to show something quick using the «strace» tool. Actually a university student asked me a question before the event and I invited him to come to the prez and ask the question again so we could altogether see how tracing tools can help us find useful information for bug reports. That part of the prez might be good for a separate blog post. I sincerely have to apologize to the next speaker if he is reading this post; we started 15 mins late and that surely must have impacted other presentations.

Eddy and I talked about work stuffs after the presentation. Then some of us went to Bagatelle food-court for a mini-break. When we came back Sun was preparing his gear for the next presentation. He talked about grid systems, explained what are decks & cards and how it’s used on lexpress.mu. He showed some hidden features of lexpress.mu, like what happens when you type «heart» or «superlsl» while you’re on the homepage and how the text is read if you type «kozer» while you’re on an article page.


Sun demoed the «live article» feature of lexpress.mu and the work needed behind to keep it light, simple and fast. He talked about «facebook instant articles» and definitely we’re proud to be the first media group, not just in Mauritius, but in the African continent to deploy the same.


After Sun’s presentation I met my ex-colleagues and we went for a pizza & beer lunch at Flying Dodo.


The pizza being late and as the Developers Conference closing ceremony had started Shelly, Ubeid and I rushed back.

JoKi’s wife, Mary Jane, Vincent, Louis, Arnaud and a few others, we had figured how to hijack JoKi’s speech and bring on some more party time to celebrate JoKi’s birthday. Yeah, he’s getting old, now it’s confirmed as he turns 40. Ubeid quickly edited some slides and we told JoKi that as he finished his speech thanking everyone, we had a quick stuff to show; some sort of observation we’ve made. Ahaan! That’s when Arnaud, helped by Mary Jane’s cousin, they brought that big cake along with its table.

Everybody cheered! Everybody laughed. We all had fun, we had cake, we took crazy photos and celebrated the end of Developers Conference 2016.

Developers Conference 2016

Developers Conference 2016

Developers Conference 2016

The post Developers Conference 2016, day 3 with openSUSE bug hunting appeared first on HACKLOG.

Tagged as: No Comments
12Oct/150

How to protect your phone from Stagefright?

Posted by Ish

A few weeks ago, Logan and some fellow geeks had a video podcast about Stagefright; the much feared Android vulnerabilities. News articles around the web have dubbed Stagefright as having the possibility to compromise millions of Android powered handsets. In fact, at the time of writing this blog post many mobile phone manufacturers haven’t yet released updates to fix Stagefright and other reported bugs.

The Stagefright vulnerability was detected and reported by Joshua Drake, the VP of Platform Research and Exploitation and an expert at Zimperium zLabs. To verify if a mobile phone is vulnerable to Stagefright, one may use the Stagefright Detector app by Zimperium INC.

stagefright-vulnerabilities

What is Stagefright?

Stagefright is a group of ‘bugs’ that have been identified and are potentially exploitable in the Android operating system. More information about these vulnerabilities are published under the following CVEs at cve.mitre.org:

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-3864

How does Stagefright work?

The attack happens by exploiting vulnerabilities in the Multimedia Messaging Service (MMS). An attacker can include a piece of malicious code in a video and send the same through MMS. Most handsets have the “auto-retrieve” feature enabled. Therefore, the code gets executed on the phone even if the phone’s owner does not open the message. This happens during the auto-retrieval of the message.

Depending on what sort of code is run, an attacker may get the ability to control the phone, execute commands, copy/delete files, trigger the camera at will etc.

How to protect your phone from Stagefright?

The best protection would come through security patches released by the phone manufacturer. Alas, until that happens, one is left with a vulnerable phone. Therefore, to mitigate a Stagefright attack, one could disable the “auto-retrieve” feature. To do so, navigate to:

Messages > Settings > Multimedia Message (MMS)

Thereby, disable the “auto-retrieve” feature.

stagefright-mms-auto-retrieve

However, this will only “mitigate” the attack. The malicious code does not get executed through auto-retrieval, but it will execute if the message is opened by someone.

To enforce an added security, one may disable the MMS functionality since it is not much a messaging tool used nowadays. To do so, go to:

Settings > Wireless & Networks > More > Mobile Networks > Access Point Names

You should normally find two APNs, one for SMS and one for MMS. I am subscribed to Orange Mauritius and the MMS APN is listed as “MMS Orange”. Once you have identified the correct APN, tap it and scroll down to the “APN enable/disable” option. That’s it. You may disable the MMS APN which will prevent your phone from both sending and receiving MMS.

mms-apn-disable

The post How to protect your phone from Stagefright? appeared first on HACKLOG.

12Oct/150

How to protect your phone from Stagefright?

Posted by Ish

A few weeks ago, Logan and some fellow geeks had a video podcast about Stagefright; the much feared Android vulnerabilities. News articles around the web have dubbed Stagefright as having the possibility to compromise millions of Android powered handsets. In fact, at the time of writing this blog post many mobile phone manufacturers haven’t yet released updates to fix Stagefright and other reported bugs.

The Stagefright vulnerability was detected and reported by Joshua Drake, the VP of Platform Research and Exploitation and an expert at Zimperium zLabs. To verify if a mobile phone is vulnerable to Stagefright, one may use the Stagefright Detector app by Zimperium INC.

stagefright-vulnerabilities

What is Stagefright?

Stagefright is a group of ‘bugs’ that have been identified and are potentially exploitable in the Android operating system. More information about these vulnerabilities are published under the following CVEs at cve.mitre.org:

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-3864

How does Stagefright work?

The attack happens by exploiting vulnerabilities in the Multimedia Messaging Service (MMS). An attacker can include a piece of malicious code in a video and send the same through MMS. Most handsets have the “auto-retrieve” feature enabled. Therefore, the code gets executed on the phone even if the phone’s owner does not open the message. This happens during the auto-retrieval of the message.

Depending on what sort of code is run, an attacker may get the ability to control the phone, execute commands, copy/delete files, trigger the camera at will etc.

How to protect your phone from Stagefright?

The best protection would come through security patches released by the phone manufacturer. Alas, until that happens, one is left with a vulnerable phone. Therefore, to mitigate a Stagefright attack, one could disable the “auto-retrieve” feature. To do so, navigate to:

Messages > Settings > Multimedia Message (MMS)

Thereby, disable the “auto-retrieve” feature.

stagefright-mms-auto-retrieve

However, this will only “mitigate” the attack. The malicious code does not get executed through auto-retrieval, but it will execute if the message is opened by someone.

To enforce an added security, one may disable the MMS functionality since it is not much a messaging tool used nowadays. To do so, go to:

Settings > Wireless & Networks > More > Mobile Networks > Access Point Names

You should normally find two APNs, one for SMS and one for MMS. I am subscribed to Orange Mauritius and the MMS APN is listed as “MMS Orange”. Once you have identified the correct APN, tap it and scroll down to the “APN enable/disable” option. That’s it. You may disable the MMS APN which will prevent your phone from both sending and receiving MMS.

mms-apn-disable

The post How to protect your phone from Stagefright? appeared first on HACKLOG.

11Oct/150

Node.js smart server by Yog Lokhesh Ujhoodha

Posted by Ish

The Linux User Group of Mauritius organized a Node.js presentation yesterday at the University of Mauritius. Logan announced the same weeks ago and the prez was done by fellow Yog Lokhesh Ujhoodha.

The night before I had a “Happy Hour” party with colleagues and consequently Saturday morning left me drowsy. I reached the University of Mauritius before noon and was damn hungry. I was looking for room 2.12 when I met Yog, Logan and Humeira who were chatting near in the corridor. Others were having a casual talk in a smaller room while waiting for another class to be free. We needed the projector and a little bit of electricity to power Logan’s laptop :) The fellow has been doing a nice job by supplying gear for broadcasting the meetups on YouTube and allowing remote participation through Google Hangout. Kudos for that!

Thanks to Veer who was heading for the cafeteria, I asked him to bring me some food too. That saved my life :)

The prez started around 12h30 with a dozen participants in the class and several others through Google Hangout.

yog-nodejs-prez

Node.js presentation by Yog Lokhesh Ujhoodha

lugm-usual-suspects-at-nodejs-prez

LUGM usual suspects :)

Yog introduced Node.js and cleared the myth whether ‘Node.js’ is a webserver. It’s a runtime that executes JavaScript on the server-side using Google’s V8 open source JavaScript engine. I particularly liked the flow of his prez in the sense that he described a problem and what followed was how he would tackle it. Along the way, he gave an overview of web server architectures laying emphasis on multi-threaded vs event-driven; while taking Apache and Nginx as examples.

Yog explained through his code, how he identifies the number of CPU cores in a machine and proceeds with forking of child processes.

var cluster = require('cluster');
var numCPUs = require('os').cpus().length;

if (cluster.isMaster) {
    // fork workers
    var proc = Array();
    for  (var i = 0; i < numCPUs; i++) {
        proc[i]=cluster.fork();
    }
}else{ //forked worker

}

Later on he would explain how he runs the child process on a specific CPU core and thus eliminates delays caused by CPU switching [etc..] which he explained initially when describing webserver architectures. Those who missed the meetup can catch up on YouTube.

As and when Logan would switch to remote participants, Nitin and I grabbed the moment to discuss about his new blog tunnelix.com. I also showed Humeira the Firefox OS running Orange Klif mobile.

While others left after the presentation, some of us headed to Bagatelle Mall for a chill-out moment.

The post Node.js smart server by Yog Lokhesh Ujhoodha appeared first on HACKLOG.

Tagged as: No Comments
5Oct/150

The last day of Infotech 2015

Posted by Ish

On Saturday afternoon Ajay confirmed me he’ll come for the OpenELEC demos at Infotech 2015 the next day. So, I hopped in to help too. Hmm, well, “help” might be a big word here. I was only around on Sunday with my laptop shooting random stuffs and chatting with a few people about Linux as an “everyday” alternative.

I had a nice chat with Riad from the National Computer Board. We also talked about some projects that are in loop where the Linux User Group of Mauritius would benefit from.

The day started shortly after 11h00 for me. Ajay had reached right at the moment when I entered the parking lot of Swami Vivekananda Int’l Convention Centre. The food court was half full as people were still coming in. However, it wasn’t that busy for a Sunday. I felt like previous editions had more people on the last day.

We got the gears ready and Ajay configured his media server to play some videos through the Raspberry Pi while Chris Gunnoo was as excited to demo his robots to the curious visitors.

ajay-ramjatan-infotech-2015

OpenELEC garnered visitors attention

Ajay told me that the day before, after I left, a visitor was particularly interested with the OpenELEC demo. The fellow works as a cook and he was so amazed by the cooking channels that Ajay showed him, he bought a pendrive and asked for a live image that he could use at home. Ajay was happy to provide him one :)

cooking-channel-infotech-2015

Foodcourt refused to sell me Indian curry separately

Around 12h30 I went to have lunch. I bought sandwiches, french fries and a glass of “alouda”. Something interesting happened later in the evening though. I had left Infotech earlier then came back with my mom & auntie in the evening. Mom told me that I could find some vegetarian Indian curry if I’d like. I went there and decided to buy the “paneer curry” only. I asked the lady to sell only a portion of the curry in one of the plastic recipients but as she was going to do so a guy stopped her. I was curiously watching the scene and the guy who appeared to be like a “bossing around manager” tells her to tell me that they cannot sell the curry separately because they will be in short of plastic recipients for other customers. Huh! That was fun because the food-court was 3/4 empty at 18h50. Infotech was due to end at 19h00. The lady was feeling awkward to tell me the reason why she can’t sell one curry only but I had witnessed the scene. I smiled at her and said, “it’s okay” and I left.

Well, that was something I wanted to share in my blog post wondering if other people might have experienced similar situations at the Indian food section of the food-court.

Anyway, back to my story, we’re still around 12h30, I grab my sandwiches, french fries, alouda and reach for a table. All tables were occupied. I asked a gentleman if I could share his table, he politely said I could. I was eating and half-way lost in my thoughts when a guy approached and greeted me. Oh, he apologized for disturbing while I’m eating, that’s courtesy :) That was Suyash Sumaroo from Codevigor Ltd. He shared a stand with Ebène Accelerator fellows in the main hall where he showcased his online service document.mu. We talked about his application and had a quick chat about entrepreneurship and the struggle of start-ups in Mauritius.

When I came back to the LUGM stand I found a mini crowd peeking over the Raspberry Pi.

crowd-infotech-2015

Ajay handled like a maestro. I answered a couple of questions people asked about the RPi, its price, how it is programmed, does it come “naked” as in without a casing etc. Then some familiar faces popped in. They were folks from the University of Mauritius Computer Club.

uom-computer-club-infotech-2015

Later I met Sadhveer and I was glad to hear that her little sister is a Linux user too :)

sadhveer-infotech-2015

Infotech 2015 ended on a good note that the National Computer Board has some promising avenues for future collaboration with the Linux User Group of Mauritius.

The post The last day of Infotech 2015 appeared first on HACKLOG.

2Oct/150

LUGM at Infotech 2015

Posted by Ish

I had a brief visit to Infotech 2015 today. An important task was to deliver Logan the banner of the Linux User Group of Mauritius (LUGM). He’s been demo’ing some cool Arduino based robots since yesterday along with Christian Gunnoo. When I reached the Swami Vivekananda Int’l Convention Centre today, I first looked out for the LUGM fellows. I saw Mike & Jessica were there having a chat with the geeks. Cool, I jumped in the convo, greeted everyone and gave Logan the banner.

lugm-infotech-2015

Next to LUGM, there were fellows from the Middlesex University. They also had some cool Arduino projects to display.

On a sad note, the table arrangements got both LUGM and Middlesex University in a blind spot. They were on the same row as the National Computer Board outside the main hall. Nevertheless, I should commend the good work achieved by Logan & Christian to interact with young fellows who made it till there.

Next, I headed inside the main hall. I was looking for the stand of Amazon Web Services (AWS) but before that I got to meet Louis from ICT.io. I had a chat with him and another fellow I happened to meet there. In fact, they showed me where the AWS stand was and I hopped there.

I met Chris Perkins from AWS and we talked quite lengthily about the various cloud services. My main mission was to meet some technical guys and we could have a geek chat about how we’re building up the infrastructure for the next lexpress.mu. Yes! If that comes as a surprise, I now work for LSL Digital :)

aws-infotech-2015

Chris happens to be a Manager within AWS Cloud Support and we had a very interesting chat about operations, sysadmin skill set and all. Chris and his colleagues are in Mauritius to recruit for AWS South Africa. If you’re interested to put your genius in action and be part of the AWS family, you still got two days; put your laptop in the backpack and go meet Chris at Infotech 2015.

I then met Dinesh, an ex-colleague from Linkbynet :) We had a chat about the fun days when I was a Unix System Administrator at Linkbynet. We talked about the shortage of sysadmins and the gap that needs to be filled.

linkbynet-infotech-2015

I left around 13h30 and headed back to LSL Digital. I should be there, at Infotech 2015, tomorrow along with other LUGM members talking about Linux. Meet us at the LUGM stand :)

The post LUGM at Infotech 2015 appeared first on HACKLOG.

Tagged as: No Comments
26Sep/150

Opensource Web application in Collaboration with Government Agency

Posted by logan

The Data Protection Office has a self-assessment questionnaire ( http://dataprotection.govmu.org/English//DOCUMENTS/SELF%20ASSESSMENT%20PDF.PDF ) for compliance with Data Protection obligations. Doing such an assessment on paper and evaluating the results can be a cumbersome process.

Subramanian Moonesamy, Ishwon K. Sookun, Bundhoo Mohammad Nadim, Tejas Pagooah and Ajay Ramjatan volunteered five months of time and effort to develop a Privacy Compliance Assessment Webapp in collaboration with the Data Protection Office to make the process as user-friendly as possible. The Web app can be accessed at http://www.elandsys.com/~sm/privacy-mu/

DPO-webapp

 

It is the first time a group of volunteers in Mauritius develop an Open Source Software project in collaboration with a government agency. It was also to showcase responsive web design, i.e. the Webapp looks good on a desktop, tablet or a mobile.

The webapp does not store cookies, nor uses any other web tracking mechanism. Hence anyone who conducts an assessment using this webapp can do it anonymously, without any fear of being tracked.

The webapp is free software and can be freely distributed or modified under GNU General Public License.

30Nov/140

Meeting Eddy of Internet Systems Consortium

Posted by Ish

Last Friday, a few members of the Linux User Group of Mauritius organized an « Informal Talk on DNS » at Flying Dodo, Bagatelle Mall.

Eddy Winstead from the Internet Systems Consortium was our guest. He was in Mauritius for AFRINIC-21 and has been delivering talks on BIND.… Read more ➡

The post Meeting Eddy of Internet Systems Consortium appeared first on HACKLOG.