AFRINIC-25 was held at Sofitel Imperial Resort & Spa in Mauritius this year from 25th to 30th of November 2016. Members of hackers.mu were proud to be present during the ISOCIETF session. Logan, who is also a member of hackers.mu introduced me to Kevin G. Chege of ISOC who was leading the meeting. There were several topics tossed on technical IETF standards at the workplace by Padma Pillay-Esnault of Huawei and afterwards Yash Paupiah of hackers.mu, a student at the University of Mauritius, gave a brief overview of tasks accomplished during his security audit of open source applications.
I made a short introduction on OpenSUSE as an OpenSUSE advocate and laid emphasis on the challenges of the OpenSUSE community in terms of code contribution. Also, a brief overview of the OpenSUSE insfractructure, the open build service, the visualization platform and factory develoment at OpenSUSE.
One of the contributions made during the hackers.mu hackathon – Operation SAD– Search and Destroy where codes were contributed to Monit – An opensource utility for proactive monitoring. It can conduct automatic maintenance and repair. What is most interesting during the hackathon is the deprecation of SSLv3 in Monit.
More details were shed on the spreading of the disease called SSLv3. There are many developers still importing Monit as secondary tools on their application. A live example where Github repos are infected with SSLv3 where same need to be removed to mitigate attacks. The RFC 7568 (Thanks to the TLS working group) – which was applied during the course of the hackathon was taken as example as well as the methodology and application of the SDLC – Software Development Life Cycle standards during the hackathon.
Slide during the IETF meeting
An open discussion among participants and audience was then carried out. The aim is to have each one to share their concerns and initiative to reach their goals. As regards to me, i laid emphasis that IETF materials should not only reach University students, but also other individuals who have the skills and know-how and ready to learn for the betterment of Africa and Mauritius. Hackathons were proposed to be carried out at international level under the umbrella of the IETF – Internet Engineering Task Force.
I would also sincerely thank the ISOC, AFRINIC and sponsors for making this event a successful one.
I recently attended another meeting on VMware VSAN by Altaro – How VMware VSAN can reduce cost and simplify your VM storage ? This presentation was carried out by Theresa Miller, vExpert and Andy Syrewicze, Technical Evangelist. A brief explanation of how large group of people use to manage simple solution compared with VMware VSAN technology. Nowadays, there is the creation of single point to manage those virtual machines. This is where hyper-convergence came from as SME’s and SMB’s are looking for high availability.
Here are some slides from the presentation (credits: Altaro.com) :
Several advantages such as traffic into cluster to ensure if there is a node failure, the system is still up using VSAN. Emphasis on VSAN architectural benefits, tool-sets and use cases to simplify the infrastructure as computation and infrastructure are now being managed as one single point using single software.
Other point discussed on VSAN assessment importance. Never assumed VSAN results without performing an assessment. Other tools such as VSAN TCO and sizing calculator. VSAN is also important for developers to have more access to provisioning during development.
Yesterday, Logan ping me to join the team for beer and pizza at Flying Dodo Bagatelle. Its been since some days though that the team is meeting for a beer. Reaching there, Logan and Anoop were already present. Some interesting topics about careers in Mauritius were tossed out. We had a long talk on tools and tips in the world of IT such as automation, chef, and other tools. A tool that Anoop point around is Shavlik which is use to automate task for Windows servers.
By the time, the whole team showed out and and i was impressed by the seafood pizza. That taste is superb 🙂 Yes it was indeed a special day as Akhil, one member of the hackers.mu is heading miles away from Mauritius for studies. The tradition at hackers.mu is to meet over a table for Pizza and Beer !
We had some interesting topics such as future plans in hackers.mu including ISOC, IETF, Podcasts, Hackathons etc.. Several other plans have been forecast already for the Hackers.mu team. Of course, there will be the arrival of new members.
Afterwards, we all congrats Akhil for the steps taken in Hackers.mu and wish him a safe flight abroad. As usual, Logan seized the opportunity to show us the hilarious Mauritian video on youtube which made us laugh a lot.
Since the beginning of this year i was much involved in Linux and opensource activities carried out under the umbrella of Hackers.mu and it was pretty fun. After the Hackathon – Operation SAD where members of Hackers Mauritius have fixed SSL bugs in many distros including OpenSUSE, I have decided to create the OpenSUSE Mauritius Facebook page. The aim is to reach more potential OpenSUSE enthusiasts in Mauritius, a little island in the Indian Ocean to promote the OpenSUSE project.
Participation and sponsor of DevConMru 2016 and other contributions in the Opensource community
One of the aim accomplished is code contribution in OpenSUSE which is already in production. There are other members of hackers.mu who dived and fixed security bugs in the world of Ubuntu, Fedora, Debian, Cisco and even the Linux Kernel. As you may also noticed through the media articles have appeared on local press such as Scope, Defimedia, LeMauricien, etc.. Hackers.mu as a team strongly feel that we have already emerged in this field to accomplish a good quality job and is looking ahead for a better world by promoting Linux.
At Hackers Mauritius we work on several projects and code for fun. One of the interesting project we have look at is an application called Tarsnap which is use to perform secure backup on the cloud. At Hackers Mauritius, myself (@TheTunnelix) and Codarren (@Devildron) recently send codes to Tarsnap and same were approved. Thats really cool when someone’s code is approved and used world wide by thousand of companies. Thanks to Selven (@eldergod) and Loganaden (@loganaden_42 ) who are the creators of Hackers Mauritius who inpired us. Today, i have the privilege to speak on Tarsnap at the DevConMru 2016 which was held at Voila hotel, Bagatelle. On reaching there, i was impressed on the number of people already waiting inside the conference room who were curious about Tarsnap. Some were entrepreneurs whilst others were students. I should say around 30 people attended the conference. Since it was a sunday at 11:30 am, Selven did not hesitate to bring some beer to the little crowd present there. I was busy setting up my laptop for the presentation.
As usual i like to get the attention of my audience before the presentation. My first slide showed the logo of Tarsnap upside down.
Everyone was turning their head and making the effort to read the content. And here we go. I noticed that they are all ready and curious about it.
Check out the Slide here. Please wait some minutes. Its loading..
The basics of Tarsnap were explained. Tarsnap take streams of archive data and splits then into variable-length blocks. Those blocks are compared and any duplicate blocks are removed. Data de-duplication happens before its uploaded to the Tarsnap server. Tarsnap does not create Temporary files but instead create a cache file on the client. The cache file is the files that are being back up to the Tarsnap server. After deduplication, the data is then compressed, encrypted, signed and send to the Tarsnap server. I also explained that the archived are saved on an Amazon S3 with EC2 server to handle it. Another interesting point raised was the concept of Tarsnap which uses smart Rsync-like block oriented snapshot operations that upload only data which is charged to minimise transmission costs. One does not need to trus any vendor cryptographic claims and you have full access to the source codes which uses open-source libraries and industry vetted protocols such as RSA, AES and SHA.
Getting on to the other part of Tarsnap and Bandwidth, emphasis was made on Tarsnap which synchronised blocks of data using very intelligent algorithm. Nowadays, there are companies that still uses tapes for backups. Imagine having so many tapes and when restoration time has arrived, this would take tremendous time. Tarsnap compresses, encrypts and cryptographically signs every byte you send to it. No knowledge of crytographic protocols is required. At this point, i asked a question about volunteers who are thinking to look at the Tarsnap code. There were three persons who raised their hands. The importance of the Keyfile was raised up as some companies secure their private key in a safe. Tarsnap also support division of responsibilities where an explanation was laid out where a particular key can only be used to create archive and not delete them.
An analogy between google drive compared to Tarsnap was given. Many already understood the importance of Tarsnap compared to Google Drive. The concept of deduplication was explained using examples. For the network enthusiasts, i laid emphasis on the port 9279 which should not be blocked on the firewall as Tarsnap runs on the following port number. Coming to confidentiality, the matter was made clear enough to the audience how much the data is secured. If it happens someone lost the key there is no way of getting back the data.
Tarsnap is not an open source product. However, there client code is open to learn, break and study. I laid emphasis on the reusable open source components that come with Tarsnap for example the Scrypt KDF (Key derivation function). KDF derives one or more secret keys from a secret value such as a master key, a password or passphrase or using a pseudo random function. The Kivaloo data store was briefly explained. Its a collection of utilities which togather form a data store associating keys up to 255 bytes with value up to 255 bytes. Writes are accepted until data has been synced. If A completed before B, B will see the results of A. The SPIPED secure pipe daemon which is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses so that one may connect to one address.
I also explained to the audience the pricing mechanism which was perceived rather cheap for its security and data deduplication mechanisms. Tarsnap pricing works similar as a prepaid utility-metered model. A deposit of $5 is needed. Many was amazed when i told them that the balance is track to 18 decimal places. Prices are paid exactly what is consumed.
Other interesting features such as regular expression support and interesting stuffs with the dry run features of Tarsnap was given. The concept of Tar command compared to Tarsnap was also explained. Commands, hints and tricks explained.
At the end, i consider it really important to credit Colin, the author of Tarsnap and i have been strongly inspired by the work of Michael Lucas on Tarsnap. Indeed, another great achievement of Hackers Mauritius at the DevConMru 2016.