Open Source ...ary 2013 by Hiba Dweib

IS NOW OPEN SOURCE FOR YOU

THE COMPLETE MAGAZINE ON OPEN SOURCE

Volume: 10 | Issue: 12

Special Read: Combat Virtual Attacks With IPCOP Firewall

` 125

Volume: 01 | Issue: 05 | Pages: 112 | February 2013

TOP Ten Web Log Analyser Tools Custom Android ROMs Media Players Cloud Computing Resources Tools For Web Developers

l a i sue c s I e p y S versar Anni India us singapore malaysia

9 770974 105001

` 100 $ 12 s$ 9.5 mYR 19 02

FREE DVD Try Your Hand At ClearOS

Trained participants from over 42 Countries in 6 Continents Linux OS Administration & Security Courses for Migration LLC102: Linux Desktop Essentials LLC033: Linux Essentials for Programmers & Administrators LLC103: Linux System & Network Administration LLC203: Linux Advanced Administration LLC303: Linux System & Network Monitoring Tools LLC403: Qmail Server Administration LLC404: Postfix Server Administration LLC405: Linux Firewall Solutions LLC406: OpenLDAP Server Administration LLC408: Samba Server Administration LLC409: DNS Administration LLC410: Nagios - System & Network Monitoring Software LLC412: Apache & Secure Web Server Administration LLC414: Web Proxy Solutions Courses for Developers LLC104: Linux Internals & Programming Essentials LLC106: Device Driver Programming on Linux LLC108: Bash Shell Scripting Essentials LLC109: CVS on Linux LLC204: MySQL on Linux LLC205: Programming with PHP LLC206: Programming with Perl LLC207: Programming with Python LLC208: PostgreSQL on Linux LLC504: Linux on Embedded Systems LLC702: Android Application Development RHCE Certification Training RH124: Red Hat System Administration - I RH134: Red Hat System Administration - II RH254: Red Hat System Administration - III RH299: RHCE Rapid Track Course RHCVA / RHCSS / RHCDS / RHCA Certification Training RHS333: Red Hat Enterprise Security: Network Services RH423: Red Hat Enterprise Directory Services & Authentication RH401: Red Hat Enterprise Deployment & Systems Management RH436: Red Hat Enterprise Clustering & Storage Management RH442: Red Hat Enterprise System Monitoring & Performance Tuning RHS429: Red Hat Enterprise SELinux Policy Administration RH318: Red Hat Enterprise Virtualization NCLA / NCLP Certification Training Course 3101: SUSE Linux Enterprise 11 Fundamentals Course 3102: SUSE Linux Enterprise 11 Administration Course 3103: SUSE Linux Enterprise Server 11 Advanced Administration

Advanced Administration Training on DNS, Samba, Nagios & Postfix DNS Server Administration: 9 Feb 2013 Linux System & Network Monitory Tools: 23 Feb 2013 Jboss Administration: JB248: 18 Feb 2013

RHCVA / RHCSS / RHCA Training - Exams RH318: 10, & 24 Nov 2012; EX318: Call; RHS333: 10 Nov; RH423:17 Nov; RHS429: Call; RH436: 11 Feb, EX436: 15 Feb; RH442: Call; EX442: Call RH401: 4 Feb; EX401: 8 Feb

RH299 from 4, 11, 18 February EX200/300 Exam 8, 15, 22, 27 & 28 Feb LLC - Authorised Novell Practicum Testing Centre NCLP Training on Courses 3101, 3102 & 3103

CompTIA Storage+ & Cloud+ Training & Certification from February ‘13 Microsoft Training Co-venture: CertAspire Microsoft Certified Learning Partner

www.certaspire.com For more info log on to:

www.linuxlearningcentre.com Call: 9845057731 / 9449857731 Email: info@linuxlearningcentre.com

RHCSA, RHCE, RHCVA, RHCSS, RHCDS & RHCA Authorised Training & Exam Centre

Registered Office: # 635, 6th Main Road, Hanumanthnagar, Bangalore 560019

# 2, 1st E Cross, 20th Main Road, BTM 1st Stage, Bangalore 560029. Tel: +91.80.22428538, 26780762, 65680048 Mobile: 9845057731, 9449857731, 9343780054

Gold

Practicum

TRAINING PARTNER

TESTING PARTNER

Enterprising Solutions, Enabling Businesses

Visit EnterpriseIT2013 if you are from the following industries...

Banking & Finance

Education

Government / Military / Defense

Healthcare

Logistics / Transportation

Hospitality / Retailers / Services

YOU SAID IT Probems with the CentOS 6.3 DVD I installed Centos 6.3 from the DVD that came bundled with the OSFY magazine. After booting up, it asks me to log in. I had given rajan.com as my computer name and a simple password. But it is not accepting this, showing instead a ‘Login error’. What should I do? Incidentally I am a 78-year old Linux OS fan. —HRY Rajan, hryrajan@gmail.com ED: We are assuming that there was no error while installing the OS. The reasons that you could not log in could be many. I would suggest that you to try the following: 1. Double check your password. It should match with the one that you have given at the time of installation. 2. Passwords are case sensitive. 3. Try logging in to any other user other than the super user, if you have created one. 4. Log in to your terminal and remove the LD_PRELOAD variable in the bash_profile, in case it is there. 5. If nothing works, then boot your system in single user mode and reset the super user password. Restart your system and try the new password. Hope this helps. If the problem still persists, you can reach us at osfyedit@efyindia.com It’s also great to hear about your enthusiasm for Linux. Do keep writing to us.

that Will Get You Hired this Year', published in the January 2013 issue was very informative and well written. Thanks to the OSFY team members for bringing out this article. Looking forward to more such pieces. —Shivam Kotwalia, shivamkotwalia@gmail.com ED: We are indeed pleased that you liked the article. Thanks a lot for the great feedback and we will convey your words of appreciation to the author. We love to hear from our readers about the content of our magazine and try our best to match their expectations. Keep sending us your views on OSFY!

How do I access previous issues of OSFY?

Dayananda Aswathaiah: I would like to access

the previous seven editions of OSFY. Please let me know the best way of doing this.

OpenSource For You: We have an

e-zine that allows you to enjoy the digital version of the magazine. For OSFY subscribers, the e-zine service is free. Log on to http://ezines.efyindia.com/ for details.

Dayananda Aswathaiah: T

Inability to find OSFY in news stores It would be great if you could send me a list of all the news and magazine stores that sell Open Source For You. I used to buy your magazine from the stores but since the name has been changed, I can't find the magazine anywhere near my locality.

OpenSource For You: Dayananda, please write a mail to support@efyindia.com. We are sure the support team will be able to help you on this.

—Jatin Dhankar, dhankhar.jatin@gmail.com ED: Thanks for writing to us. Check out our website: dealers. efyindia.com. You may be able to locate some dealers selling OSFY close to your home. We have tried to provide the phone numbers of as many dealers as possible, so that you can call before visiting. Please let us know if you need something else from us.

Loved reading 'The Top Open Source Skills that Will Get You Hired this Year' First of all, here’s wishing Team OSFY and its dear readers a HAPPY NEW YEAR! The article 'The Top Open Source Skills U

Dayananda Aswathaiah: Thanks. I did so and I have got the access. Thanks a lot.

Please send your comments or suggestions to:

The Editor D-87/1, Okhla Industrial Area, Phase I, New Delhi 110020 Phone: 011-26810601/02/03, Fax: 011-26817563 Email: osfyedit@efyindia.com

offe

www.facebook.com/linuxforyou

Hanna Ben Salah: Does anyone have any idea about SHELL? Like . comment

Manoj K Nair: Shell is a software program that allows you to interact and access a computer system. User can enter commands in the shell prompt, which will be executed by the shell. Since the only means of communication through shell is text, it is known as Command -LineInterface or CLI. A shell is a command interpreter and serves as a user interface to the Linux kernel...http://www. ibm.com/developerworks/linux/library/l-linuxshells/index.html.

Hanna Ben Salah: Thank You!

Pradeep Prakhar:

How to configure IPv6 on the Cent OS 6.3? Like . comment

Mani Kandan: 1.Set NETWORKING_IPV6=yes in /etc/sysconfig/network 2. Append following in ifcfg-ethX IPV6INIT=yes IPV6ADDR=<IPv6-IP-Address> IPV6_DEFAULTGW=<IPv6-IP-Gateway-Address> 3.Restart the network.

Thala Karthik: I am new to Fedora. The video is not playing. What package should be installed? Like . comment

Manu Kutan: Please download and install VLC Mohamed Abbes: Can someone tell me how to download Linux?

Player for Linux...http://www.videolan.org/vlc/ download-fedora.html.

Thala Karthik: Thank you Manu!

Like . comment

Suman Karki: Linux has many distros, best to use is Ubuntu. Go to ubuntu.com and download its latest version and use.

Chandra Shekhar Pandey: You can also request online for Ubuntu, and within a fortnight you will receive the latest Ubuntu CD via courier free of cost. Go for it.

Keshav Mishra: But better one is Fedora, available at www.fedoraproject.org. Chandra Shekhar Pandey: Ubuntu is the most popular among the lot. Lots of software to download and open source community support on your platter. Grab it.

Sumant Garg: If you are new to use Linux, I vote for Ubuntu. Chandra, free shipping has been closed now.

Mohamed Abbes: Thank You Guys!

Karthigeyan Kith:

Hi, How to find out the password of root in Boss linux for a new computer? Like . comment

Mani Kandan: If you want to reset the root password, boot in single user mode and change the password using "passwd" command. Check the link for details http://wiki.bosslinux.in/wiki/index.php/Lost_Password

Nilesh Chandekar:

Need help. Suggest a good OS to make it as a firewall. How can I have a profound knowledge about Firewall? Like . comment

Spencer Allen: I've never done it but my best guess would be Freebsd or arch.

Syed Muizz Ahmad:

Hi! In CentOS6, I forget the root password. Now I am in local user (not root). How can I reset my root password? Like . comment

Mani Kandan: Boot in a single user mode and change the root password using passwd command. Image quality is poor as the photos have been directly taken from www.facebook.com 10 | february 2013 | OPeN SOurCe fOr yOu

Nilesh Chandekar: I mean to say standalone firewall OS and I need study material also.

Mani Kandan: Seven of the best linux firewalls.. check it http://www.techradar.com/news/software/ applications/7-of-the-best-linux-firewalls-697177

Q&A Er Dharam Gupta:

Hey friends, can anyone tell me which is the good version of Ubuntu for a newcomer to get started? Like . comment

Yogesh Jadhav: Download the latest version of Ubuntu at http://www.ubuntu.com/download/ desktop from here and you get help from here https://help.ubuntu.com/ Shivaji Tejankar: Ubuntu 12.04.1 is stable now.

Facebook

Julius Steponavicius:

Hi, I'm thinking of trying one of the Linux OS on one of old laptops since it has a lack of good performance, and I wanted to ask for some help to find the best one for me. I have an old laptop IBM thinkpad T23. The main questions I have about Linux are about problems with drivers, or let's say- emulation of some Windows software like Adobe cs3. Tech specs of the laptop are:Intel Pentium III - 1,2 GHz, 512 MB RAM, 16 MB video card. Thank you for your time. Like . comment

Mani Kandan: 12.04.

Gothi Narendra:

Is it possble to use MS Office 2010, driver of Lenovo Z570, and game Zuma Revenge of Lenovo laptop for Linux mint? Like . comment

BensonShaji: I wouldn't recommend it. Even if it possible with software called Wine, it's not efficient or you may not expect the same results as it was in Windows.

Vishal El Mono: Yes. Please download Wine software. This will help you to install .exe files in Linux.

Spencer Allen: http://wine-review.blogspot. com/2012/02/how-to-install-microsoft-office2010-on.html. I've never tried a driver but chances are you don't need to. I recommend Linux Mint to new users.

Sunil Malviya:

How to delete wine extract files in CentOS 6.3? Wine setup already extracted in CentOS 6.3 by root account. Give me suggestions. Like . comment

Riya Patankar: Are you installing wine ? Try this yum -y install wine.

Sunil Malviya: Yes,I installed wine in root account, but there was an error that showed switch to other user account. Samantha de Lucio: When an user runs wine for the first time, a directory named .wine is created in their home directory. The users home directories are usually stored in /home. The home dir of the root account is not stored in /home but in /root. In order to find and delete files, you have to login as root and look in the /root/.wine folder.

Sunil Malviya: So, how to enter in root ac-

Spencer Allen: Linux Mint mate would work fine and that's what I recommend to new users. It will probably recognize all of the hardware and install the appropriate drivers during the install. Unfortunately your laptop doesn't meet the minimum system requirements for Adobe cs3 so even if you could get it installed using an emulator like wine chances are it would not run well. So I would suggest using the open source equivalents to the Adobe apps that are packaged in the creative suite. For instance Gimp is a close approximation to Adobe Photoshop but it's easier on the hardware requirements. Julius Steponavicius: Great Thanks, I have found that Linux mint has a bunch of other versions, which one do you prefer? One guy from Yahoo answers suggested Linux Mint with an XFCE4 or LXDE. Which versions ar these? (by number. 5 and 9th? ) Spencer Allen: Well here's what's available to download. http://www.linuxmint.com/download.php. I recommend Mate 32 bit.XFCE and LXDE are different desktop environments so is Mate. For new users I recommend Mate. Here's some more information on the different desktop environments available for Linux. Incase you want to try them out you can always install them after installing the OS then select the desktop environment you want to use when you log in. Julius Steponavicius: Great, thanks man.

One last question, do you think I should prepare some drivers before installing or should I not worry?

Spencer Allen: I've used Linux Mint on a similar laptop. It wasn't exactly the same model, Mine was a T42 but it installed all the drivers for me. I expect it to be the same for you.

Yogesh Jadhav: I think you can try Ubuntu 8.04 or 8.10. It was a good support to an old hardware and gives excellant graphics & performance. Roger Amos:

count with GUI?

So what is the current situation with Windows 8 Secure boot? Or has the community forgotten?

Yogesh Jadhav: If you know root user password then

Like . comment

you easily enter to root user just type this command $su - if you don't know root password then boot into single user mode and then configure root password.

Aboobacker Mk: No, it is still an issue, but you can install ubuntu in secureboot computers via some workarounds.

Image quality is poor as the photos have been directly taken from www.facebook.com OPeN SOurCe fOr yOu | february 2013 | 11

Tablets Spice Stellar Pad Mi-1010

HCL Me V1

OS:

Android 4.1 aka Jelly Bean

OS:

Android 4.0 January 2013 ` 7,999 ESP:

` 7,899 Specification:

iBerry Auxus CoreX2 Launch Date:

December 2012

Specification:

NEW

25.6-cm (10.1inch) IPS display touchscreen, 1.5 GHz dual-core processor,7,600 mAh battery, 3 MP rear and VGA front camera, internal storage of 16 GB, expandable up to 32 GB, 3G, Wifi

iBerry Auxus CoreX4 Android 4.0

MRP:

ESP:

` 5,499 Specification:

NEW

Videocon VT10

Specification:

` 10,990

ESP:

` 11,200

` 15,990

Specification:

OS:

Android 4.0 Launch Date:

December 2012

` 11,200

` 15,990

MRP:

` 4,600

ESP:

NEW

` 4,600 Specification:

17.7-cm (7-inch) IPS display touchscreen, 1.6 GHz dual-core processor, 4,100 mAh battery, 2 MP rear and 0.3 MP front camera, 8 GB internal storage, expandable up to 64 GB, 3G, Wifi

Specification:

24.6-cm (9.7-inch) IPS display touchscreen, 1.6 GHz quad-core processor,7,200 mAh battery, 2 MP rear and VGA front camera, 16 GB internal storage, expandable up to 64 GB, 3G, Wifi

25.6-cm (10.1inch) IPS display touchscreen, 1280 x 800 pixels screen resolution, 1.5 GHz dual-core processor,6,800 mAh battery,2 MP front and rear camera,8 GB internal storage, expandable up to 32 GB, 3G, WiFi

Lenovo Ideapad A2107

Intex iBuddy Connect

Go Tech funTab All New

OS:

Android 4.0

Android 4.1

Launch Date:

December 2012

MRP:

` 4000

` 10,940

ESP:

OS:

Android 4.0 Launch Date:

Android 4.0

MRP:

December 2012

December 2012 ` 13,999

` 7990

ESP:

` 13,999 Specification: 17.7-cm (7-inch) HD display touchscreen, 1024 x 600 pixels screen resolution, 1 GHz Mediatek processor, 2 MP rear and 0.3 MP front camera, 16 GB internal memory, expandable up to 32 GB 3G, WiFi

NEW

Mercury mTAb StreaQ

` 7990 Specification:

NEW

17.7-cm (7-inch) capacitive display, 1 GHz processor, 2 MP rear and VGA front camera, 3,000 mAh battery, 4 GB internal memory, expandable up to 32 GB via microSD, 3G, WiFi

Karbonn Cosmic Smart Tab OS:

OS:

Android 4.1

Android 4.0 Launch Date: MRP:

` 11,499 Specification:

NEW

17.8-cm (7-inch) capacitive multitouch screen, 1024 x 600 pixels screen resolution, 1.2 GHz processor, 2 MP rear camera, 4 GB built-in storage, expandable to 32 GB, 3G, WiFi

Swipe Legend Tab

MRP:

December 2012

` 10,280 Specification:

Launch Date: MRP:

` 11,999 ESP:

NEW

24.6-cm (9.7-inch) capacitive display touchscreen, 1.5 GHz processor, 6,000 mAh battery, 1 GB RAM, 2 MP rear and VGA front camera, Wi-Fi,3G via dongle

NEW

17.7-cm (7-inch) capacitive display touchscreen, 1 GHz processor, 3,600 mAh battery, 0.3 MP front camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

Launch Date:

ESP:

Specification:

Android 4.0

` 10,280

` 11,499

` 4000

OS:

December 2012

NEW

20.3-cm (8-inch) capacitive display touchscreen, 1024 x 768 pixels screen resolution 1.5 GHz dual-core processor, 4,500 mAh battery, 3 MP rear and VGA front camera,1.5 GB internal storage, expandable upto 32 GB, WiFi

Simmtronics XPAD X-720

MRP:

NEW

` 7,025

OS:

December 2012

MRP:

NEW

` 7,025

17.7-cm (7-inch) capacitive display touchscreen, 1 GHz processor, 2,800 mAh battery,0.3 MP front camera,4 GB internal storage, expandable up to 32 GB 3G, Wifi

ESP:

Specification:

January 2013

Launch Date:

December 2012

` 10,990

MRP:

Android 4.1 aka Jelly Bean

OS:

Launch Date:

MRP:

Launch Date:

Android 4.1 aka Jelly Bean

` 5,499

OS:

Android 4.1 aka Jelly Bean

Launch Date:

January 2013

` 7,600

7” WVGA capacitive touch screen,800 x 480 pixels screen resolution, 1 GHz cortex processor,3200 mAh battery, 2 MP rear camera 0.3 MP front camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

OS:

MRP: ESP:

NEW

OS:

Android 4.0

` 7,600

MRP:

Karbonn Smart Tab 8 Velox

Launch Date:

January 2013

Launch Date:

Lava eTab Z7H

` 11,999

NEW

17.7-cm (7-inch) capacitive display touchscreen, 1 GHz processor, VGA front camera, 2,800 mAh battery, 4 GB internal memory, expandable up to 32 GB, Wi-Fi, 3G via dongle

Karbonn Smart Tab10

` 10,940 Specification:

NEW

(9.7-inch) capacitive display touchscreen, 1.5 GHz processor, 6,000 mAh battery, 2 MP rear camera, 1 GB RAM, 3G, WiFi

Wishtel PrithV OS:

Android 4.0 Launch Date:

December 2012 MRP:

` 3,300 ESP:

` 3,300

Specification:

7-inch TFT LCD capacitive touchscreen, 800 x 400 pixels screen resolution, 1.5GHz processor, 2 MP rear and 1.3 MP front camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

7-inch TFT (LCD), capacitive display, 800 MHZ processor, 2800 mAh battery, 0.3 MP camera, supports up to 32GB MicroSD Card3G, WiFi

OPEN GADGETS Tablets Google Nexus 7

Swipe Velocity Tab

OS:

Launch Date:

MRP:

ESP:

Go Tech FunTab Class

Android 4.1.1 (Jelly Bean)

Android 4.0 December 2012

` 7,999

` 16,599

Specification:

23.1-cm (9.1-inch) capacitive touch screen, 1.5 GHz processor, 5,000 mAh battery, 300K pixels front facing camera, 8 GB In built memory, expandable up to 32 GB, 3G, Wifi

17.78-cm IPS display, 1.2 GHz processor, 4325 mAh battery, 1.2 MP camera, 16 GB internal memory,3G, WiFi

Penta T-Pad WS802C-2G

HCL ME G1

OS:

Launch Date:

Android 4.0 November 2012 MRP:

MRP:

` 7,499

October 2012

` 6,899

8” TFT (LCD), multi touch capacitive touchscreen, 1024 x 768 pixels screen resoultion, 1.2 GHz processor, 6000 mAh battery, 2 MP rear camera, 8 GB internal memory, 32 GB, 3G, WiFi

iBall Slide 3G 7334 OS:

Launch Date:

Android 4.0

MRP:

October 2012

Launch Date:

` 10,990

MRP:

` 13,999

ESP:

` 10,990

ESP:

Specification:

` 9890

9.7 Inches capacitive touchscreen, 1024 x 768 pixels screen resolution, 1.5 GHz processor, 7000 mAh battery, 2.0 MP rear camera, 8 GB internal memory, expandable up to 32 GB, 3G, Wifi

7- inch capacitive touchscreen, 1024x600 pixels screen resolution, 1 GHz processor, 4400 mAh 2MP rear camera, 8 GB internal memory, expandable up to 32 GB, 3G, WiFi

Laptops Ambrane Mini

Netbooks Samsung N100

ASUS EeePC X101

OS:

MeeGo

OS:

Launch Date:

August 2011

Launch Date:

MRP:

` 12,290

MRP:

ESP:

Android 4.0 November 2012 ` 5,499

ESP:

Specification:

October 2012

9.7 Inches multi-touch capacitive touchscreen display, 1.2 GHz Dual processor, 7000 mAh battery, 2 MP rear camera, 16 GB internal memory, expandable upto 32 GB, 3G, WiFi

October 2012

` 12,999

Android 4.0

Specification:

Launch Date:

ESP:

OS:

8 inches multi-touch capacitive screen, 800 x 600 pixels screen resolution, 5000 mAH battery, 8 GB internal memory, expandable up to 32 GB, 3G, WiFi

Android 4.0

` 12,999

Zync Z1000

Specification:

OS:

MRP:

8 inches (20.3 cms) capacitive touchscreen, 1024 x 768 pixels screen resolution, dual core Cortex A9 processor, 4500 mAH battery, 2 MP rear camera, 4 GB internal storage, expandable up to 32 GB, WiFi

` 14,999

Penta T-Pad WS702C

November 2012

Specification:

ESP:

` 8,299

Launch Date:

` 11,490

` 14,999

ESP:

Android 4.0

` 13,999

MRP:

` 8,299

OS:

November 2012

November 2012 ` 22,412

` 7,999

Wishtel IRA ICON HD

MeeGo August 2011 ` 12,499

Specification:

` 5,499

` 11,840

7" capacitive multi touch screen, 1024 x 600 pixels screen resolution, 1.2 GHz processor, 2 MP rear camera, 8GB internal storage memory, expandable up to 32 GB, 3G, WiFi

Specification:

7 inches TFT capacitive touch screen, 800 x 480 pixel screen resolution, 1.2 GHz processor, 3000 mAh battery, Built-in 0.3 MP camera, WiFi

25.7 cm WSVGA anti-reflective LED,1024×600 pixel screen resolution,1.33GHz Intel ATOM processor, 1GB DDR3 memory, Intel GMA 3150 graphics, 250GB HDD, 3 cell (40 W) battery, 4-in-1 card reader, 1.03kg.

` 12,000 Specification: 25.7 cm LED-backlit screen, Intel Atom processor N455 CPU, 1GB DDR3 RAM expandable upto 2GB, 220GB storage, Bluetooth 3.0, Wi-Fi 802.11 b/g/n, 17.6mm thick, 920g.

No Need To Pay For Software. Your Window to FREE professional Software *The logos used in this banner are the properties of their individual organizations.

FREE DOWNLOAD

INSTALLATION

MAINTENANCE

OPeN SOurCe fOr yOu | february 2013 | 17

OPEN GADGETS SMARTPHONES Zync Z5 Phablet

Lava Iris 501 OS:

Android 4.0

OS:

Android 4.0

Launch Date:

January 2013

Launch Date:

January 2013

MRP:

` 10,000

MRP:

` 11,990 ESP:

` 9,490 Specification:

NEW

ESP:

` 10,000 Specification:

NEW

12.7-cm (5-inch) WSVGA display, 1 GHz dual-core processor,2,300 mAh battery, 5 MP rear camera and VGA front camera, 4 GB internal storage, expandable up to 32 GB, 3G, Bluetooth, Wi-Fi

5 inches TFT LCD capacitive touchscreen, 1 GHz processor, 2500 mAh battery, 8 MP rear camera, internal memory 4G and expandable up to 32 GB,3G, WiFi

Byond Phablet PIII Launch Date:

December 2012

Huawei Ascend G330

` 15,000 Specification: 15.2-cm (6-inch) display touchscreen, 1 GHz dual-core processor, 2,500 mAh battery, 8 MP rear and VGA front camera, 3G,Wi-Fi

Android 4.0

Samsung Galaxy Music Duos

ESP:

` 10,990 Specification:

Android 4.0 Launch Date:

December 2012 MRP:

` 8,999 ESP:

` 8,999 Specification: 7.6-cm (3-inch) QVGA display touchscreen, 850 MHz processor, 1,300 mAh battery, 3 MP rear camera, 512 MB RAM,4 GB internal memory, expandable up to 32 GB, Wifi

Lava’s Xolo A800

Lava Iris N400 Android 4.0 Launch Date:

December 2012 MRP:

` 6,399 ESP:

` 6,399 Specification: 4-inch TFT capacitive touchscreen, 400 x 800 pixels screen resolution, 1 GHz processor, 1500 mAh battery, 5 MP camera, 127 MB internal memory, expandable up to 32 GB, 3G, Wifi

ZOPO ZP900 S

OS:

Android 4.0 Launch Date:

December 2012 MRP:

` 11,999 ESP:

` 11,999 Specification: 4.5 inch IPS LCD capacitive touchscreen, 960 x 540 pixels screen resolution, 1600 mAh battery, 8 MP camera, 4 GB internal memory, expandable up to 32 GB, 3G, Wifi

December 2012

MRP:

` 8990

` 9,490 ESP:

` 9,490 Specification:

NEW

ESP:

` 8990 Specification:

NEW

12.7-cm (5-inch) capacitive display touchscreen,1 GHz processor,2,500 mAh battery,5 MP rear and 0.3 MP front camera,internal memory 4 GB, expandable up to 32 GB, 3G, WiFi

Videocon A20

Videocon A30 OS:

Android 4.0 Launch Date:

December 2012

MRP:

` 4,999

MRP:

` 7,299

ESP:

NEW

10.1-cm (4-inch) capacitive display touchscreen, 1 GHz dual-core processor, 1,500 mAh battery, 5 MP rear and 0.3 MP front camera, 4 GB internal storage, expandable up to 32 GB, 3G, WiFi

OS: OS:

Launch Date:

January 2013

December 2012

` 10,990

NEW

Android 4.0

Launch Date:

MRP:

ESP:

OS:

Android 4.0

Android 2.3

OS:

December 2012

` 15,000

OS:

Launch Date:

MRP:

Swipe F1Phablet

12.7-cm (5-inch) TFT display touchscreen, 1 GHz processor,2,500 mAh battery,8 MP rear and 0.3 MP front camera, 4 GB internal storage, expandable up to 32 GB, 3G, Wifi

OS:

Android 4.1 aka Jelly Bean

Zync 5-Inch Z5

` 4,999 Specification: 8.8-cm (3.5-inch) capacitive display touchscreen, Android 2.3 aka Gingerbread, 1 GHz processor, 1,350 mAh battery, 3 MP rear and VGA front camera, 3G, Wi-Fi

NEW

iBall Andi 4.5H OS:

Android 4.0 Launch Date:

December 2012 MRP:

` 14,995 ESP:

ESP:

` 7,299 Specification: 10.1-cm (4-inch) capacitive display touchscreen, 1 GHz processor, 1,500 mAh battery, 5 MP rear and VGA front camera, 3G, WiFi

Karbonn A30 OS:

Android 4.0 Launch Date:

December 2012 MRP:

` 12,990 ESP:

` 12,490

` 11,500

Specification:

4.5 inches (11.43 cms) capacitive touchscreen, 960 x 540 pixels screen resolution, 1 GHz dual-core processor, 1600 mAH battery, 8 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

5.9-inch capacitive touchscreen, 480 x 800 pixels screen resolution, 1 GHz processor, 2500 mAh battery, 8 MP camera, 4 GB internal memory, expandable up to 32 GB, 3G, Wifi

Lava Iris N320

Lava Xolo A700

OS: OS:

Android 4.0 Launch Date:

December 2012 MRP:

` 15,999 ESP:

` 15,999 Specification: 5.3 inch QHD touchscreen, 1 GHz Dual Core processor.8 MP camera,4 GB internal memory, expandable up to 32 GB, 3G, Wifi

Android 2.3 Launch Date:

November 2012 MRP:

` 4,499 ESP:

` 3,999 Specification: 8.12-cm (3.2-inch) capacitive touch screen, 240 x 320 pixels screen resolution, 1 GHz processor, 1400 mAH battery, 2 MP rear camera, 100 MB internal memory, expandable up to 32 GB, WiFi

OS:

Android 4.0 Launch Date:

November 2012 MRP:

` 9,999 ESP:

` 9,999 Specification: 11.4-cm (4.5-inch) IPS capacitive touchscreen, 960 x 540 pixels screen resolution, 1 GHz dual core processor, 5 MP rear camera, 4 GB internal memory, expandable up to 32GB, 3G, WiFi

NEW

OPEN GADGETS SMARTPHONES Karbonn A15 OS:

Android 4.0 Launch Date:

November 2012 MRP:

` 5,899 ESP:

` 5,899 Specification: 10.2-cm (4-inch) LCD capacitive touchscreen, 800 x 480 pixels screen resolution, 1 GHz processor, 1,420 mAh battery, 3 MP rear camera, micro SD card slot supporting up to 32GB of expandable memory, 3G, WiFi

Karbonn A5+ Android 2.3 Launch Date:

November 2012 MRP:

` 5,990 ESP:

` 4,894 Specification: 3.5 inch capacitive touch screen, 320 x 480 pixels screen resolution, 1 GHz processor, 1420 mAh battery, 3 MP camera, micro SD card slot supporting up to 32GB of expandable memory 3G, Wifi

Reliance Smart V6700

Sony Xperia J

OS:

Android 2.3

Android 4.0

Launch Date:

October 2012

MRP:

` 6,777

` 16,299

ESP:

MRP:

` 6,777

` 15,840

Specification:

8.9-cm (3.5-inch) HVGA capacitive touch screen, 320 x 480 pixels screen resolution, 800 MHz processor, 1400 mAh battery, 3 MP rear camera, WiFi

4-inch TFT touch screen, 854 x 480 pixels, 1 GHz processor, 5 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

Micromax A110 Superfone Canvas 2

Micromax A90S Superfone PIXEL

OS:

Android 4.0

Android 4.0 Launch Date:

October 2012 MRP:

` 14,999 ESP:

` 9,999 Specification: 5-inch TFT capacitive touch screen, 480 x 854 pixels screen resolution, 1 GHz processor, 2000 mAh battery, 8 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

Lava XOLO X700

Intex Aqua 3.2

OS:

Android 4.0

OS:

Android 2.3

Launch Date:

October 2012

Launch Date:

October 2012

MRP:

` 17,400

MRP:

` 3790

ESP:

` 14,000

ESP:

` 3790

Specification:

0.9-cm (4.3-inch) qHD touchscreen, 960 x 540 pixels screen resolution, 1.2 GHz processor, 2000 mAh battery,5MP rear camera, memory expandable up to 32 GB, 3G, WiFi

3.2-inch capacitive touchscreen, 320 x 240 pixels screen resolution, 1 GHz processor, 1,200 mAH battery, 2 MP rear camera, 512 MB RAM, expandable up to 32 GB, WiFi

Zync Z5

LG Optimus Vu

OS:

Android 4.0

OS:

Android 4.0

Launch Date:

October 2012

Launch Date:

October 2012

MRP:

` 9,490

MRP:

ESP:

` 34,500

` 9,490

ESP:

` 29,999

Specification:

5 inch TFT touchscreen, 480 x 800 pixels screen resolution, 1 GHz processor, 2500 mAH battery, 8 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

5-inch capacitive touchscreen, 1024 x 768 pixels screen resolution, 1 GHz processor, 2080 mAh battery, 8 MP rear camera, 3G, Wifi

Karbonn A11

HTC Desire X

OS:

Launch Date:

October 2012 MRP:

` 12,990 ESP:

` 9,999 Specification: 4.3-inch AMOLED touch screen, 800 x 480 pixels screen resolution, 1 GHz processor, 1600 mAh battery,8 MP rear camera, 512MB of built-in storage, expandable up to 32 GB, 3G, WiFi

Android 4.0

OS:

Android 4.0

Launch Date:

October 2012

Launch Date:

October 2012

MRP:

` 9,990

MRP:

` 19,799

ESP:

` 8,499

ESP:

` 19,799

Specification:

Specification: 10.16-cm (4-inch) Super LCD WVGA display, 1GHz Qualcomm MSM8225 Snapdragon processor, 1650 mAh battery, 5 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, WiFi

10.2-cm (4-inch) capacitive touch screen, 480 x 800 pixels screen resolution, 1500 mAh battery, 5 MP rear camera, 4 GB internal memory, expandable up to 32 GB, 3G, Wifi

EXCELLENT EMAIL INFRASTRUCTURE SOLUTIONS WITH UNMATCHED SERVICE SUPPORT! TechnoMail - Enterprise Email Server Anti SPAM, Anti Virus, Email Content Filtering Firewall, Internet Access Control Content Filtering, Site Blocking Bandwidth Management System Managed Email Hosting Solutions

1, Vikas Permises, 11 Bank Street, Fort Mumbai, India-400 001, Mobile: 09167399917. Email: info@technoinfotech.com

OPeN SOurCe fOr yOu | february 2013 | 19

FOSSBYTES Ubuntu arrives for touch phones

If you have a growing appetite for more news about the gadget world, here’s something just for you. The power of touch has finally arrived to one of the most popular Linux distributions— Ubuntu. Canonical has officially introduced its ‘Ubuntu for phones’ operating system. This means Linux fans worldwide can now operate Ubuntu Linux from their smartphones. But users will have to wait till 2014 to get their hands on the first Ubuntu-based smartphone. Meanwhile, if you cannot wait to power your smartphone with Ubuntu, try Ubuntu for Android. So, how is the UI of the ‘Ubuntu for phone’ OS different? Unlike Android, Ubuntu Phone OS doesn't include many screen buttons and depends mostly on edge swipes. According to the official website, “Your phone is more immersive, the screen is less cluttered, and you flow naturally from app to app with edge magic. The phone becomes a full PC and thin client when docked.” For developers, Ubuntu Phone OS supports both native and Web or HTML5 applications. Web apps are first class citizens on Ubuntu, with APIs that provide deep integration into the interface. "HTML5 apps written for other platforms can be adapted to Ubuntu with ease, and we’re targeting standard cross-platform Web app development frameworks like PhoneGap to make Ubuntu ‘just work’ for apps that use them,” according to the official posting.

Watch 100,000 movies and TV shows on your Android tablet

If you own an Android tablet, this news is sure to give you an adrenaline rush! Vudu for Android will now offer you access to entertainment content like never before. Over a year after its launch on iOS, Walmart-owned Vudu has finally opened up its library of movies and TV shows for Android users. It means that Android device users will now be able to stream or download over 100,000 movies and TV shows on their tablet PCs. The catch is that Vudu will only support tablet PCs running the Android 4.0 aka Ice Cream Sandwich OS or above. The Vudu for Android app can be downloaded from Google Play Store for free. Once the app is downloaded and installed, users can download videos for offline viewing like they do on their PCs. The app currently supports only tablet PCs and the company is not making any announcements about its availability on smartphones. According to reports, the list of supported devices will continue to grow soon. It is worth mentioning here that Vudu's Xbox360 app is also updated to support 1080p HDX streaming video.

Raspberry Pi rolls out its own app store!

The $35 Raspberry Pi has just become more fun to own after the launch of Pi Store in December 2012. This app store offers free and paid applications and games for the small-sized computer. In other words, it is a 'one-stop shop for all your Raspberry Pi needs'. The app store allows users to download software, raw code, tutorials, tools or games for the small-sized Linux computer. The idea behind the app store is to encourage young programmers and software developers to programme and create new apps. Making an announcement about the app store, the sources in the Raspberry Pi Foundation wrote in a blog post, “It's also an easier way into the Raspberry Pi experience for total beginners, who will find everything they need to get going in one place, for free.” Users can download the content from the store and upload their content for any moderations or release. Users who submit their content will be allowed to charge for it if they wish to. Even if the users opt to offer their 'work' for free, they will be open to receive donations or 'tips'. The Pi Store allows users to submit raw Python code, binaries, audio, video and images as well, unlike the other app stores. The Pi Store is also offering an updated version of Raspbian. Users need 20 | fEBRUARY 2013 | OPEN SOURCE fOR YOU

RHCE RHCSS

ADVANCE LINUX MODULES

SHELL PHP & SCRIPT MYSQL CCNA

ONLINE TRAINING ONE TO ONE, INSTRUCTOR LED TRAINING

India’s first network security education provider now available at Four different locations

SAVE MONEY & TIME Get yourself CERTIFIED ONLINE for Details, Call us.

100% result in

RHCE/RHCSS exam ONLINE TRAINING BENEFITS • Live Instructor With All Benefits Of In-person Training • Time Flexibility According To Your Convenient Time • You Don't Have To Incur Huge Travel Expenses • One Instructor Train You Single ( 1:1 Ratio )

EXAM DATES Ex-429 = 13 Feb, 28 Feb Ex-333 = 14 Feb, 27 Feb Ex-423 = 16 Feb, 28 Feb

RHCVA = 11 Feb, 28 Feb RHCSA/RHCE = 11Feb, 15 Feb, 20Feb, 27Feb, 28 Feb

Special Offer Only For Online Training

www.grrasspace.com VPS Severs Email Marketing Solutions Java Hosting

Shared Hosting Sever Management Domain Registration

JAIPUR : GRRAS Linux Training and Development Center 219, Himmat Nagar, Behind Kiran Sweets, Gopalpura Turn, Tonk Road, Jaipur(Raj.) Tel: +91-141-3136868, +91- 9887789124, +91- 9785598711, Email: info@grras.com

Free Original Courseware Hurry! Take demo (totally free)! For more queries Call 09887789124

PUNE: GRRAS Linux Training and Development Center 18, Sarvadarshan, Nal-stop, karve Road, Opposite Sarswat-co-op Bank, Pune 411004 M: +91-9975998226, +91-7798814786 Email: info.pune@grras.com

NAGPUR: GRRAS Linux Training and Development Center 53 Gokulpeth, Suvrna Building, Opp. Ram Nagar Bus Stand and Karnatka sangh Building, Ram Nagar Square, Nagpur- 440010, Phone: 0712-3224935, M: +91-9975998226, Email: info.nagpur@grras.com

www.grras.org

FOSSBYTES to type 'sudo apt-get update && sudo apt-get install pistore' to add the Pi Store application to their existing install.

'Fight Back' app allows women to alert family when in danger

TRAINING PARTNER

Now, women in India can rely on technology, if not the arms of law, for their safety. A mobile phone app called 'Fight Back' allows a woman to alert her family and friends with just the press of a button. Developed by a mobile VAS provider CanvasM, the app helps in tracking the user's location. Using the app, the one in danger can send SOS messages to the selected contacts in times of emergency. According to some online reports, Jagdish Mitra, chief executive officer, CanvasM, said, “We feel the application can help make a woman feel safe, especially given the current law and order situation. The app allows them to press a panic button whenever they feel unsafe. It tracks the location using GPS and alerts the right people.” The company is also working to integrate the solution with Delhi Police's backend IT infrastructure. With this integration, the message will go to the Delhi Police as well, along with the family and friends of the user. The app is available for the residents of Delhi-NCR for free, while people willing to download the app from other parts of the country have to pay Rs 100 per annum for the service. The Fight Back app is available for the Android, BlackBerry and Symbian operating systems.

Android-Linux dual boot option for Aakash 3

Researchers at the Indian Institute of Technology (IIT), Bombay, are working hard on improving the existing Aakash tablet and are looking forward to including additional functionalities at the existing price range of $35 or Rs 2,236. One of the major features that would be included in the next version of the Aakash tablet is dual boot compatibility supporting both the Android and Linux operating systems. According to researchers, Aakash 3 would come with more open source software. President Pranab Mukherjee unveiled the Aakash 2 in New Delhi on November 11, 2012. The Aakash 2 is based on a dual-core Cortex A9 processor clocked at 1 GHz along with 512 MB of RAM. Compared to the first Aakash tablet, which was based on a 366 MHz processor and an older ARM architecture, the Aakash 2 is definitely advanced, running Android 4.0 Ice Cream Sandwich. 22 | fEBRUARY 2013 | OPEN SOURCE fOR YOU

FOSSBYTES

Get a taste of YouTube on your telly!

Imagine enjoying your favourite YouTube videos on TV! Yes, you heard that right. You can now access YouTube on any TV by using the YouTube app on your smartphone or even tablet. The company confirmed today that new TVs from world renowned companies like LG, Panasonic and Sony will be making their debut at CES and it will be loaded with this app. Apart from these, companies like Philips, Samsung, Sharp and Toshiba will offer additional sets and set-top boxes, which will be launched over the course of 2013. In a related piece of news, Google announced that its new UI for YouTube on TV, which was previously seen on the Wii U and PlayStation 3, will also be featured on those new devices. The YouTube app will offer full 1080 pixel videos and a fairly minimalist interface as per the YouTube official blog.

Here comes Fuduntu 3 for GNOME 2 buffs

If you dislike GNOME 3 but love GNOME 2, this news is for you. The Fuduntu 2013.1 Linux distro has arrived and uses the GNOME 2 interface. Way back in 2010, Fuduntu came into existence as a Fedora-based Linux distribution. Fuduntu 2013.1 is the first quarterly release of 2013 and comes with new additions like Netflix and Steam on the entertainment front. Fuduntu also has support for Nvidia Optimus technology and has Cairo as the new dock. Other features include Linux kernel 3.6.9, The Gimp 2.8.2, Thunderbird 17, Firefox 17, Chromium 23.0.1271.97, VLC 2.0.5, and X.org 1.12. GNOME's popularity on Linux desktops started to plummet the day its developers came up with GNOME 3, much against the wishes of users who were GNOME 2 fans. Mobile-like or metro user interfaces such as Unity, GNOME 3, and not to forget Windows 8's current UI, have all been a huge turn-off for desktop users. Well, those at GNOME have certainly realised their mistake and are most likely regretting their move. Previously, GNOME developer Matthias Clasen's official posting stated, "We certainly hope that many users will find the new (GNOME 3.x) ways comfortable and refreshing after a short learning phase; and we should not fault people who prefer the old way. After all, these features were a selling point of GNOME 2 for 10 years!"

A Linux-based OS that lets you hide your IP

Complete privacy in cyberspace had earlier seemed to be a distant dream. But now, with Whonix, you can enjoy complete privacy while you are online. This Debian-based operating system promises to provide complete security and boasts of protecting a user's privacy totally. “Whonix is an anonymous general-purpose operating system based on Virtual Box, Debian GNU/Linux and Tor. By Whonix design, IP and DNS leaks are impossible. Not even malware with root rights can find out the user's real IP/location,” said an official post describing the operating system. Explaining the privacy control in the OS, the post said, “Whonix consists of two (virtual) machines. One machine solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other machine, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible.” Compared to other ‘Tor-VM’ or ‘Tor-LiveCD’ projects, which sometimes use special minimal or stripped down Linux distributions (like TinyCore, DSL or Puppy), Whonix is larger. Both the VMs together are currently almost 2 GB. This new operating system can even conceal IP addresses while using Skype. It also helps in anonymous IRC, anonymous

GET COMPLETE EMAIL INFRASTRUCTURE SOLUTIONS FOR ENTERPRISES AT UNBELIEVABLE PRICES! TechnoMail - Enterprise Email Server Anti SPAM, Anti Virus, Email Content Filtering Firewall, Internet Access Control Content Filtering, Site Blocking Bandwidth Management System Managed Email Hosting Solutions

1, Vikas Permises, 11 Bank Street, Fort Mumbai, India-400 001, Mobile: 09167399917. Email: info@technoinfotech.com

OPEN SOURCE fOR YOU | fEBRUARY 2013 | 23

FOSSBYTES publishing, anonymous e-mail with Mozilla Thunderbird and TorBirdy, location/IP hidden servers and prevents anyone from discovering your IP. No one can even find out your physical location.

RHCE / RHCVA / RHCSS Exam Centre

At ADVANTAGE PRO, we do not make tall claims but produce 99% results month after month – TAMIL NADU'S NO. #1 PERFORMING REDHAT PARTNER RHCSS RHCVA RHCE

Only @ Advantage Pro

Redhat Career Program from THE EXPERT

Also get expert training on My SQL-CMDBA, My SQLCMDEV, PHP, Perl, Python, Ruby, Ajax...

New RHEL 6.2 Exam. Dates (RHCSA/RHCE) @ ADVANTAGE PRO th th Feb 2013 - 18 , 25 “Do Not Wait! Be a Part of the Winning Team”

Regd. Off: Wing 1 & 2, IV Floor, Jhaver Plaza, 1A, N.H. Road, Nungambakkam, Chennai - 34. Ph : 98409 82185 / 84 Telefax : 28263527 Email : enquiry@vectratech.in www.vectratech.in 24 | fEBRUARY 2013 | OPEN SOURCE fOR YOU

Red Hat Enterprise Linux 5.9 released

Red Hat has announced the next minor release of Red Hat Enterprise Linux 5—Red Hat Enterprise Linux 5.9. This release marks the beginning of Production Phase 2 of Red Hat Enterprise Linux 5. As with all minor releases, Red Hat Enterprise Linux 5.9 maintains backward compatibility with hardware and software platforms across the lifecycle of Red Hat Enterprise Linux 5. Therefore, the hardware and software compatibility included within previous releases of Red Hat Enterprise Linux 5 continues with this minor release. Red Hat Enterprise Linux 5.9 also showcases numerous improvements, including support for industry-leading hardware vendors through enhanced hardware enablement, continued commitment to security, standards and certifications, new developer tools, enhanced application support, better subscription management and more.

You can learn computer basics from the Raspberry Pi education manual

The makers of Raspberry Pi have been constantly on their toes to make learning a wholesome experience. The Raspberry Pi Foundation has already launched a 'Quick Start Guide' for the small-sized computer. A team of UK teachers from Computing at School (CAS) has come up with an open source Raspberry Pi Education Manual to teach basic computer principles. The 172-page education manual helps in learning about programming and other computer science topics. The PDF manual serves as a beginner's guide for Scratch (a visual programming environment), Python, the Linux command line, and much more. Users are exposed to the experiments for creating games and animations, which will enable them to not only learn coding with the Raspberry Pi, but also get thorough with the basics of computer science. The manual is designed for people of all ages to learn computer science better.

Here’s a smartphone that can sense your mood!

Researchers are now working to bring out a smartphone platform that can sense your mood. Known as the Android Remote Sensing app (AIRS), it does 'careful monitoring of the lifestyle to pinpoint and help avert triggers for stress and negative emotions'. The application analyses the amount and type of data it is exposed to. It makes use of huge amounts of data gathered from various sources like location, weather, noise levels, vicinity devices to gauge crowds, social aspects including calendar events, and communication spikes in email, text and calls. This information is sufficient to provide an account of a person's day. AIRS behaves like a watchful friend that provides the needed personal management by pointing towards the specific causes of stress, which it ascertains on the basis of the data it gathers. The platform makes use of the inbuilt sensors in the smartphone to account for environmental aspects, which it then uses to construct a 'narrative'. These devices will be showcased at the Consumer Electronics Show (CES) 2013 at Las Vegas, which begins on January 8, this year. This new feature will surely excite Android enthusiasts, who have been waiting to watch videos from smartphones and tablets on their TVs (other than Google TV).

FOSSBYTES Here comes the Kii keyboard app for Android

With the growing popularity of touchscreens, the use of keyboards has been on the wane. But keyboard users have reason to smile. Google has multiple keyboard apps available on its Play Store. This line-up is being led by Swype, then SwiftKey and it looks like Android users now have a couple of more options— the Slice and Kii keyboards as well. The Kii app has been recently updated to version 1.2. The Kii keyboard offers features that include Swype-like gesture input and SwiftKey-like next word prediction. The app also supports 34 languages combined with themes, a split keyboard layout, font and colour customisation, an extra arrow key row, an extra number key row, and more. On the compatibility front, the Kii Keyboard app supports any device that runs Android 2.1 or above, which sounds like good news for all those who still run their devices on stone-age Android versions across the globe. The Kii Keyboard is available for free and you can download it from the Google Play Store today! Another exciting alternative to Kii is the Slice Keyboard app. This is an innovative touch keyboard design that allows users to touch and type on a touch screen. Slice’s main innovation is a blank home row where you place your fingers. The keys are shown depending on which fingers are placed on the home row. Each key is in a direction relative to the keys on the home row. This allows you to type without having to look at the keys.

Bodhi Linux 2.2.0 released

If you have a fetish for lightweight distros, this one is for you. The version 2.2.0 of Bodhi Linux is out. This release includes the 'first Bodhi images to feature the stable E17 desktop'. A few new changes have been made in this release. According to a posting, “The Bodhi project will now be maintaining two 32-bit install discs: one that is PAE enabled by default and one that is not. The kernel without PAE will be an older stable kernel (in this case 3.2), while the PAE enabled kernel will be the latest - for 2.2.0 this means a 3.7 kernel. The 64bit release also comes with the 3.7 kernel." “These discs are also our first released images that are hybrid ISO images. This means that you can write the image directly to a flash drive simply using the dd command and it will become a bootable media. You no longer need to use unetbootin (unless you want to) to create bootable Bodhi flash drives,” wrote Jeff Hoogland, Bodhi Linux developer, in a blog post. Also included in these disc images are local copies of a newly updated Bodhi QuickStart and the Bodhi Guide to Enlightenment. Both these documents have been updated to showcase all the recent changes that have occurred with the stable E17 release.

GET ROBUST, SCALABLE & COST-EFFECTIVE OPEN SOURCE SOLUTIONS TechnoMail - Enterprise Email Server Anti SPAM, Anti Virus, Email Content Filtering Firewall, Internet Access Control Content Filtering, Site Blocking Bandwidth Management System Managed Email Hosting Solutions

1, Vikas Permises, 11 Bank Street, Fort Mumbai, India-400 001, Mobile: 09167399917. Email: info@technoinfotech.com

OPEN SOURCE fOR YOU | fEBRUARY 2013 | 25

Developers

Overview

Top 10 Open Source Tools for Web Developers

Wondering which open source tools to use for Web development? This article is a compilation of a list of IDEs (Integrated Development Environments), Web servers, databases, CMSs, etc, to help beginners looking for the best software.

pen source applications are the best tools, especially when it comes to Web development. Many of them have features comparable to expensive applications like Visual Studio, etc. If you cannot find all the features in one application, you could use a combination of two or more apps since you won't be spending money. Writing an article that lists the best open source tools is not an easy task, as there are a lot to choose from and it’s necessary that you try them out before selecting what works best for you. It also feels nice to share the experience. There are many tools that have made an impact, and will help you day after day. Some of you may disagree with my selection and may have your own favourites, but this list has been compiled on the basis of the ratings of a large number of users, and of course, my experience too.

on this platform. It is available for Mac OS X, Windows 7 and all Linux flavours as well as for 32-bit and 64-bit architectures. The core features behind its popularity are: Supports latest Web technologies like HTML5, CSS3, JavaScript, Ruby on Rails, PHP and Python, with information about the level of support for each element in major Web browsers. Syntax highlighting, auto-completion of code.

1. Aptana Studio

When it comes to a free open source IDE for Web development for professionals in particular, I vote for Aptana Studio. At the time of writing this article, Aptana Studio 3.3.1 is available, with all the bugs that I encountered while using it on Windows a year ago, removed. But I guarantee that if you are a true open source fan and are crazy about Linux, you will find that it is best 28 | february 2013 | OPeN SOurCe fOr yOu

Figure 1: Aptana Studio

Overview Git integration. Inbuilt deployment wizard to help publish your Web application. Integrated debugger—the most important component of an IDE, lets you set breakpoints, inspect variables and control execution. Built-in terminal to access OS commands. Some might favour Eclipse. It's excellent, but I'll not mention it here, as it is not compatible with the GNU General Public License.

Developers

professional desktop, enterprise, Web, and mobile applications with Java as well as C/C++, PHP, JavaScript, Groovy, and Ruby. It is a good IDE, but I mentioned it after Aptana and Komodo Edit, because it is not a fully dedicated Web development IDE. One feature that NetBeans is known for is its great debugging. You can make your code bug-free as fast as possible. Having started as a Java IDE, it has all the great features that the two IDEs mentioned in my list have.

2. Komodo Edit

Komodo Edit is a free open source code editor. If you are not perfectly satisfied with the code editor you are currently using, you can switch to this. It is a cut-down version of the Komodo IDE, and is a complete solution to Web- and cloud-based projects. It uses the Mozilla code-base, along with Scintilla. This makes it different from other free code editors like jEdit and Notepad++. It also has a Firefox-type extension system for finding and installing add-ons. Its main features are: Supports Python, Perl, PHP, Ruby, HTML5, CSS3, JavaScript, SQL, Tcl and XML. As usual, it is available for Linux, Windows and Mac OS X. Syntax highlighting, auto-completion and call tips. Komodo Edit 7 has added support for Node.js, CoffeeScript, LESS, SCSS, EJS and epMojo. Website dedicated to Komodo colour schemes called Kolormodo. Its built-in FTP client lets you access remotely hosted files without having to create a project or download an entire directory tree. If Firefox is your browser of choice, you would feel right at home with Komodo.

Figure 2: Komodo Edit

3. NetBeans

NetBeans is a free, open source IDE that started as an IDE for Java programming, but now you can create

Figure 3: NetBeans

4. Drupal

Drupal is a very powerful open source CMS, just like WordPress and Joomla. It lacks high-quality themes like those available for the other two CMSs, but it is unique in its own way, and preferred for its good technical design and maintainability. I have used all three long enough to say that each is good in its own way. You can use a gel pen or a ballpoint pen—yet it is hard to quantify which is better. But, if you are a beginner, I would say it is easy to handle Drupal, although installation may be a little bit more troublesome than WordPress. Drupal takes configuration management quite far, and allows the community to participate in a unique way. Its other advantages are: Getting static pages on a Drupal site is easier than in WordPress or Joomla. The Drupal module for social media integration is easier to work with than its counterparts for WordPress or Joomla. Ubercart, the e-commerce tool for Drupal, is excellent. You might have trouble working with the e-commerce tools for WordPress or Joomla (maybe some compatibility issues). Drupal, being old, has grown a lot and has a large community base, so you'll not be alone. Community support is very good, in my experience.

5. MySQL

MySQL is the most popular and powerful database and hardly needs introduction. It is open source and free. However, the enterprise version is not free, but compared to other enterprise solutions, it is still the best choice for its price and OPeN SOurCe fOr yOu | february 2013 | 29

Developers

Overview

the support is awesome. The free version of MySQL serves as the foundation for the CMSs discussed above and various other software. You can administer the database using the command-line utility mysql, with dozens of commands for effective management. You can integrate it with PHP, Java and other programming languages to make an effective application. You can use MySQL Workbench, which is a GUI tool for integration of database design, administration and maintenance into a single IDE for the MySQL database system.

to create graphics from scratch, or to edit. The program supports the standard Scalable Vector Graphics (SVG) file format, as well as many others. It imports files from many formats, including .jpg, .png, .tif and others, and exports to numerous vector-based formats and .png. Don't compare it with its proprietary counterparts, as they are more powerful. Among free tools, Inkscape is the best and is being developed further. The final release that I used suffices for a Web developer.

Figure 4: MySQL

6. Apache Web server

Apache has been the most popular Web server since April 1996 and hosts nearly 60 per cent of Web domains. It has been released under the Apache License and doesn't require modified versions to be distributed under the same licence. Its features are: Though developed for UNIX-like OSs, it also runs on Windows, Mac OS X and others. Common language interfaces support PHP, Perl, Tcl and Python. Virtual hosting allows one Apache installation to serve many different websites. Supports password authentication and digital certificate authentication. As its source code is available, you can modify it according to your needs, if you know what you are doing. Other features include Secure Sockets Layer, Transport Layer Security support, a URL re-writer and custom log files.

Figure 5: Inkscape

9. FileZilla

FileZilla is a free and open source FTP, FTPS and SFTP client. It is also available as a server if you want to make files available to others, but this works for Windows only. Created in January 2001 by Tim Klosse as a class project, FileZilla has gone on to become the fifth most popular download of all time from SourceForge.net. Its most important features are: Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP). Being cross-platform, it runs on Windows, Linux, *BSD, Mac OS X and more. Supports resume and transfer of files larger than 4 GB.

7. Apache Tomcat

As stated by its website, Apache Tomcat is an open source software implementation of the Java Servlet and Java Server Pages technologies. Tomcat should not be confused with the Apache server. Tomcat is a Web container that serves Web pages written in Java, while Apache is an HTTP server written in C. It is a collaborative effort of world-class developers from across the globe. I have used it with Eclipse IDE, and I can vouch for the fact that it is pure plug-and-play; no hardand-fast configuration is needed.

8. Inkscape

Inkscape is a vector-based graphics application, and by far the most popular open source option for a graphics tool if you aim to decorate your website. It has powerful tools 30 | february 2013 | OPeN SOurCe fOr yOu

Figure 6: FileZilla

Overview IPv6 support. Configurable transfer speed limits. Network configuration wizard. HTTP/1.1, SOCKS5 and FTP-Proxy support. Synchronised directory browsing. You'll find Filezilla good if you want to deploy your site, but your IDE lacks an in-built FTP client for deploying websites.

10. XAMPP

If you want to install a full LAMP or WAMP stack, it's hard to configure them all and get the site live. XAMPP has

Developers

changed this, with a simple easy-to-install Apache distribution containing MySQL, PHP and Perl for quickly setting up a development environment locally. XAMPP is supported on multiple operating systems: Windows, Linux, OS/X and Solaris. It is designed with the Web developer in mind, giving you the power and flexibility of a test Web server without the hassle of setting up a dedicated box running a special server operating system, just for site testing. When it comes to throwing a server out into the wild, however, proper hardened security is a must— and operating systems designed specifically for servers should be used for public-facing production sites, instead of XAMPP. My advice to anyone wanting to give XAMPP a spin would be: stay within the confines of an internal LAN and you should have no problems. References [1] http://httpd.apache.org/ [2] http://www.wikipedia.org/ [3] http://www.drupal.in/ [4] http://filezilla-project.org/ [5] http://sourceforge.net/

By: Rahul Gupta

Figure 7: XAMPP

The author graduated from BVCOE, New Delhi. Fascinated with Web 2.0, he loves to play around with Linux and open source software. He will be happy to hear any query or suggestions at rahulgupta172@yahoo.com.

You can mail us at osfyedit@efyindia.com. You can send this form to ‘The Editor’ - D-87/1, Okhla Industrial Area, Phase-1, New Delhi-20. Phone No. 011-26810601/02/03, Fax: 011-26817563

OPeN SOurCe fOr yOu | february 2013 | 31

Developers

Insight

Android Application Discovery A Problem of Plenty This article covers one of the core issues in the Android application ecosystem, application discovery.

he exponential boom of smartphones makes you realise that you have entered the smartphone era. Eighty per cent of the world’s population owns a mobile phone, and of the approximately 5 billion mobile phones in the world, 1.08 billion are smartphones—around 20 per cent! Currently, smartphone purchases are outnumbering normal mobile phone purchases, day by day. With a smartphone, the inevitable need is smart applications. If we go by the numbers, 74 per cent of data usage activity on Android and 79 per cent of that on iOS is related with mobile application downloads. A recent news release stated that Google Play has over 700,000 Android applications. If we believe predictions made by experts, mobile apps will grow from a US$ 6 billion industry today to US$ 55.7 billion by 2015. Users log an average U

of 77 minutes per day using apps on their smartphones, and hence there are a large number of mobile applications being launched every month. That’s fine, but why am I stating all these numbers? There are a lot of Android application distribution platforms, Android application discovery platforms and a lot of third-party App stores that claim they can help you in discovering the Android application you may need. But they are still far away from doing so. As I have already mentioned, Google Play has already crossed 700,000 apps—which is very encouraging for app developers, considering that just 1 billion or so people have smartphones. But the app stores and discovery platforms we have in place are not well suited to showcase such a large number of apps. The current system of having

Developers

Insight five to 20 top applications in various categories such as ‘Top Paid’, ‘Top Free’, ‘Top Grossing’, ‘Staff Picks’, ‘Recommended For You’, ‘Trending’, etc, leaves room for only a few thousand applications to be discovered. If we closely analyse Google Play and other third-party Android app stores, they are not perfect mobile app discovery platforms yet. In the current system, developers upload app screenshots and app videos to showcase their applications on the app market. Based on the visual appeal and the description, products are sold. Now this certainly is not the perfect way of buying new apps. I mean, if you ask me to explain the current app store policy in simple terms, I would say they are selling us clothes based on their description, pictures, colours, designer, brand—and we can’t try them on unless we buy them. Does that make sense? As a substitute to this, Google Play provides a window of 15 minutes for users to try the app and cancel the purchase if required. But this includes downloading the app, which is time-consuming. Another issue with the current mobile app ecosystem is converting Web leads into actual downloads. On an average, 160 minutes/day are spent on the Internet using laptops and desktops, which is approximately 150 per cent of the mobile Internet usage. But the current app store system fails to use this platform efficiently. As explained in [image 2], app sharing on the Web is broken. We can see this if we compare the app-sharing lifecycle to the YouTube video-sharing lifecycle. How many of us actually go on YouTube searching for a video? To go by stats, 500 years of YouTube video are watched every day on Facebook, and over 700 YouTube videos are shared on Twitter each minute. A 100 million people take a social action on YouTube (such as likes, share, comment, etc) every week, out of a total 200 million users. So almost 50 per cent of the traffic is via social networking sites. Imagine going on YouTube and searching for the Korean popstar Psy’s ‘Gangnam’ video based on a tweet or post saying, “hilarious dance steps guys, please go and download this video!” We are still lagging behind in the social recommendation model for mobile applications. Link sharing is similar to videos, but then actual consumption of content is broken until we download it. In other words, Web links fail to convince users effectively. But there are quite a few products that try to solve this problem of app discovery; I have mentioned a few of these in Table 1. They add their own algorithms in addition to the Google Play algorithm, with extended social sharing features. That makes app discovery a bit hassle-free, and they do some kind of personalisation to the suggestions and ranking algorithm they use while showing the results to you. But the core problem remains unresolved—users have to trust the content and static images, or at best, the videos of the applications.

1. Description based information 2. Limited social actions 3. Limited social recommendation

1. 2. 3. 4.

1. Description based information 2. Better social actions 3. Better social recommendation

App Discovery Platforms

Google Play and Other third party app stores

Test Drive for applications Limited social actions Limited social recommendation Region bound

Amazon App Store

Overview of current app discovery Instantly share it with friends of Facebook, twitter, blogs

Your friends can see a video

Ex. If you like a Video on YouTube

If you friends like it too, re-Share it with their friends Here Users Actually 'Consume' video and then share it

Issues with app sharing on the Web

App Sharing on web! Share it with friends on Facebook, twitter, blogs

Friends come to your link but cannot use the app instantly. They need to download it.

Ex: If you like a Mobile app, download it to you device

Sharing Process BREAKS

If your friends like it too, they reshare it with their friends That's why we don't see many apps being shared on the Web

Current video sharing process on the Web

Product App.net

AppHero Crosswalk

BuzzDoes

Features Static custom pages for apps Download via SMS and email Better social sharing Good social recommendation Personalised app recommendation Social recommendation Personalised app recommendation Good app search Social and personal recommendation Gives incentives to the users Developer needs to integrate their SDK

Continued on page 37... OPeN SOurCe fOr yOu | february 2013 | 33

Developers

Let's Try

Protecting System Intents in Android The last article on ‘Intents in Android’ covered the basics of one of Android’s important inter-application communication mechanisms—intents. This article goes deeper into Android’s System Intents, and their security aspects, i.e., how Android prevents applications from misusing system-level intents.

ystem-level intents are those that the Android System sends—a more appropriate term would be ‘broadcasts’— to the rest of the system and the applications, to notify them about a certain event. These are mostly sent by various services that are part of the core Android framework. These intent broadcasts can be sticky, ordered, etc, depending on the nature of the event and the receivers. On receiving these intents, the registered listeners take necessary action.

Why do system intents need to be protected?

A normal intent is something like ‘ACTION_PHONE_CALL’, which an application can send (provided it has the required permission granted during installation) to initiate a phone call; whereas, an easy example for a malicious system intent would be ‘ACTION_SHUTDOWN’. No application should be able to shut down your device. Another example would be ‘ACTION_BATTERY_CHANGED’, which is broadcast when the phone’s battery properties are changed. The system application that shows the battery capacity receives this intent, U

extracts the battery properties (one of which is the capacity) and shows it in the notification area. If a malicious application were able to send this intent, it might send erroneous values for the capacity, and as a result, the end user might see strange results in how the battery capacity is reported.

Protecting system-level intents

When an application sends an intent, the Activity Manager, which plays a major role in managing the life-cycle of an application and in InterProcess Communication (IPC), verifies the permissions of the sender for the particular intent. If an application sends a systemlevel intent, this permission check will fail and an Figure 1: App has stopped exception will be thrown.

Let's Try The sample application code shown below has a button captioned ‘Send System Intent’; on clicking it, the application tries to send the ‘ACTION_BATTERY_CHANGED’ intent. However, what happens is that as soon as it is clicked, you will see the ‘Unfortunately the app has stopped’ dialogue (Figure 1). This is because a security exception happens when your application sends a system intent:

Developers

system-level intent is an easy two-step process. First, add the intent name in frameworks/base/core/java/android/content/ intent.java, as shown below: /** * Broadcast Action: Have the device reboot. This is only for use by * system code.

public class IntentTestActivity extends Activity {

/** Called when the activity is first created. */ @Override

* <p class="note">This is a protected intent that can only be sent

public void onCreate(Bundle savedInstanceState) {

* by the system.

super.onCreate(savedInstanceState);

setContentView(R.layout.main);

@SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) public static final String ACTION_REBOOT = "android.intent.

/** When we click this Button, it tries to send System

action.REBOOT";

Intent */ Button intentBtn = (Button)findViewById(R.id.intent); intentBtn.setOnClickListener(new Button.OnClickListener() {

Next, add the intent string inside the list of protected intents in frameworks/base/core/res/framework/AndroidManifest.xml. A part of this file looks like what follows:

public void onClick(View v) { Intent myIntent=new Intent();

<protected-broadcast android:name="android.intent.action.NEW_

myIntent.setAction(Intent.ACTION_BATTERY_

OUTGOING_CALL" />

CHANGED);

<protected-broadcast android:name="android.intent.action.REBOOT" getBaseContext().sendBroadcast(myIntent); }

});

/> <protected-broadcast android:name="android.intent.action. MYACTION" />

}

A part of the stack trace of the exception message is as follows:

But if you are really adding a system intent that does not exist in Android, you might want to up-stream your change to Google, and walk into the hall of fame!

E/AndroidRuntime(18585): FATAL EXCEPTION: main

Android CTS

E/AndroidRuntime(18585): java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.intent.action. BATTERY_CHANGED from pid=18585, uid=10064

As a result of this, the Activity Manager kills the application. Thus, the Android system makes sure that no application can send a system intent. You can try this with the help of the source code provided at http://www.linuxforu.com/ article_source_code/jan13/intents_android.zip and by using an Android emulator:

Google provides an automated test suite that performs thorough regression/performance testing on various Android devices. This framework is called the Compatibility Test Suite (CTS). This exhaustive testing also includes verifying the security of system intents. The code that does this test resides in cts/tests/tests/permission2/src/ android/permission2/cts/ProtectedBroadcastsTest.java. So, to make Android CTS test your system intent, add it to the list of intents (actually, it’s an array of Strings named BROADCASTS) mentioned in this file.

W/ActivityManager( 263): Force finishing activity com.example. intenttest/.IntentTestActivity I/WindowManager( 263): WIN DEATH: Window{2100b9b8 com. example.intenttest/com.example.intenttest.IntentTestActivity paused=false}

References [1] http://developer.android.com/guide/components/ intents-filters.html [2] Android Source repository

I/ActivityManager( 263): Process com.example.intenttest (pid 18585) has died.

By: Durgadoss R

Creating system intents

The author is a kernel programmer, and spends his spare time hacking Android. You can reach him at r.durgadoss@gmail.com

However, if you are at an OEM/ODM, creating your own

OPeN SOurCe fOr yOu | february 2013 | 35

Exploring Software

Anil Seth

Guest Column

Creating MOOC Courses It is very likely that, in the near future, you may get your degree from a university but will really learn from a Massive Open Online Course.

OOC (wikipedia.org/wiki/Massive_open_ online_course) should not be confused with the streaming of traditional lectures over the Internet. These open courses are, or will be, as radical a departure from current education as the earlier replacement of personal tutors for the elite with public schools. As these courses are heavily dependent upon technology, especially software, it is very interesting to examine the software needed to create and run them. For those interested in knowing the variety of courses now available on various sites, look at coursetalk.org. Another resource for more about MOOC, including its wider significance as a way of jointly exchanging knowledge, can be found at moocguide.wikispaces.com.

The video

The most obvious part of the MOOC is the videos, which have to be brief and engaging. Khan Academy is a great example. Salman Khan's presentation on TED talks is an excellent resource for understanding why and how these videos worked. It seems so obvious, in retrospect, that you wonder why no one had done it earlier. Unsurprisingly, the radical change had to come from outside the community of educators! To make such videos, the primary tools you will need are screen capture software, a sketching program and a tablet. In order to ensure that you do not have too many 'retakes', you will need video editing software. Although desktop recording tools will let you record the screen and audio simultaneously, you may find it more effective to create separate tracks for screen capture and audio, and then mix them. You can find a number of open source and Linux options for each of the required software. Recording a desktop session on Linux is easy with recordmydesktop. For sound editing, Audacity is the default option. For video editing, the options include

Kino, Cinelerra as well as vlmc from VideoLan, the creators of VLC Player. In order to make your video available to viewers from different language backgrounds, you could use subtitles. You can even get your viewers to create the subtitles for you (universalsubtitles.org).

The communications forums

An important part of learning is the ability to ask questions and get answers. Not everyone asks a question; however, everyone present in the class gets to hear the answer. The conventional method of a conversation between a student and a teacher would not be a viable mechanism where thousands of students are involved, although Google Hangouts and similar solutions can be an option. One case study of a MOOC course found that of all the tools, the best loved was the mailing list! There is no shortage of open source options for mailing lists and discussion forums. There are also solutions targeted at Q&A (questions & answers) sites like StackOverflow. You may search for StackOverflow clones on StackOverflow to get an answer! Those who like Python may opt for AskBot or OSQA. In a number of courses, the best way to share assignments and analysis would be by using blogs. WordPress and Movable Type are the prominent open source solutions for blogs, but there are numerous other alternates.

The quizzes

Testing is the most irritating aspect of current educational institutions. However, you know from programming that testing is highly desirable and mandatory. Testing in software is not to test the programmers or categorise them—at least, I hope not! It is to ensure that the software does what it is supposed to do. In online education, video lectures

Guest Column Exploring Software

are integrated with quizzes. The MOOC focus is the student—“I think I have understood, but have I?” Each brief tutorial is followed by a quiz to help you gauge if you have understood the concept just discussed. Currently, the handling of quizzes may involve just questions and answers. There are many tools that will let you create a quiz dynamically from a pool of questions. A good one is from the Khan Academy, github.com/Khan/khan-exercises. However, smarter quiz and evaluation bots will emerge. For example, Hewlett Foundation sponsored a prize to improve the automated scoring of student essays. To be useful, the quizzes have to adapt themselves to the individual being tested—an obvious use of AI techniques. No wonder the breakthrough MOOC was a course on artificial intelligence and involved Peter Norvig, co-author of ‘AI: A Modern Approach’. You may enjoy the concise six-minute video of his experiences on ted.com.

Integrating it all

Google has a project called Course Builder to help you create a MOOC as an App Engine application. It is a good resource for the steps and the ideas that may need to be considered. Stanford has created a platform called Class2Go, github.com/Stanford-Online/class2go. With the variety of tools available, it would be easy for you to roll your own framework, quite possibly, by using Drupal or a similar CMS as the base. You don't even need to wait for someone to create a MOOC to learn. One great opportunity for learning a new subject would be to create a MOOC by re-mixing existing content and sharing it with the world :).

By: Anil Seth The author has earned the right to do what interests him. You can find him online at http://sethanil.com, http://sethanil.blogspot.com, and reach him via email at anil@sethanil.com.

Continued from page no....33 Product

Features

App.net

Static custom pages for apps Download via SMS and email Better social sharing

AppHero

Good social recommendation Personalised app recommendation

Crosswalk

Social recommendation Personalised app recommendation Good app search

BuzzDoes

Social and personal recommendation Gives incentives to the users Developer needs to integrate their SDK

Test Drive feature is available only for apps hosted on the Amazon app store, and only in the United States; and usable only in Web browsers with Flash support. Moreover, they lack social features, as it is region-specific. In spite of all these products in the market, app discovery still remains an unsolved mystery. While concluding, I would love to mention that we at AppSurfer try to overcome these limitations. We are trying to combine the remedies to the app discovery issue, so as to make the Android application ecosystem more mature

and complete. We run Android applications in the browser, so users can try apps before they download them. We have social recommendations in place, as well as widgets that make your Android applications run on blogs, on Web pages and in the Facebook feed itself. All in all, app discovery is a well-known problem, but I feel that if tackled rightly, it is solvable!

References [1] http://www.go-gulf.com/blog/smartphone [2] http://thesocialskinny.com/100-social-media-mobile-andinternet-statistics-for-2012/ [3] http://crave.cnet.co.uk/ [4] http://www.ericsson.com/ [5] http://marketingland.com/ [6] http://www.youtube.com/t/press_statistics [7] http://www.jeffbullas.com/2012/05/23/35-mind-numbingyoutube-facts-figures-and-statistics-infographic/

By: Akshay Deo The author is a co-founder of RainingClouds Pvt Ltd. AppSurfer is the first product from this firm, which runs Android applications in browsers itself. Akshay works on Android source code, Android applications, Java, Python and .NET technologies. He can be contacted @ akshay@rainingclouds. com and akshaymdeo@gmail.com.

OPeN SOurCe fOr yOu | february 2013 | 37

Let's Try QueryArrayCached: Returns the cached result for a previous query run. If the result is not already present in the cache, this function will save the result set in the cache as well. InstantiateDbRow: Instantiates a single DB row as an object. It also expands the object’s properties to cover any related object, based on what was requested for expansion (discussed later). InstantiateDbResult: Compiles a list of objects instantiated by InstantiateDbRow to create the result array. CountByXYZ: Returns the number of results for a given value of a column (represented by ‘XYZ’). It is noteworthy that CountByXYZ methods are created for only those columns on which an index has been defined. The ‘XYZ’ part is replaced by the name of the column. LoadByXYZ: These methods are created for any column on which a unique index is defined. As you can guess, again, ‘XYZ’ is replaced by the name of the column. LoadArrayByXYZ: These methods are created for any column with a ‘non-unique’ index on them. Save: Saves the object. Saving the object will either cause an update (if you are saving a modified object) or create a new object (if you created a new object). You may also force an insertion even if the object is to be updated (you have to make sure that the condition when you do this will not fail on the database level). This also deletes the old cached object (if it was already there). BuildQueryStatement: This function actually builds the final query. You do not use it directly. All these features are built into the ORM-Gen class files (located in the includes/model/generated directory in the extracted directory—the code-base root directory). One does not have to use them directly. Instead, the ORM Class files, which are located in includes/model have to be used, which are sub-classes of their respective ‘Gen’ classes. During the Codegen process, the ORM-Gen class files are overwritten, but the ORM class files are not (they, however, are created if they do not exist already). This allows you to write class-specific methods in the ORM classes, which makes sure that your custom methods are not overwritten on subsequent Codegens!

Nodes and expansion

The functions just mentioned make it quite easy to work with the objects of a table. But what about nesting the queries? Well, that feature is available too. The fact is, all tables and columns are treated as nodes. Nodes are connected with each other depending on the foreign keys in place. When running a query, you can cause the resulting objects in the set to expand the column(s) into another object of the table with which the column establishes a foreign key relationship. Have a look at http://bit.ly/W4Ryer to understand how this is done. Do not forget to view the source code.

Developers

Creating forms for data entry

Codegen deals with databases, and databases store data. It is obvious that your Web application is going to need some data before it really becomes useful. No matter what type of Web app you are going to build, entering data is a mandate, at least for testing. PhpMyAdmin or similar tools allow you to enter data into your database, but then it is not always safe to use them; one mistaken click of a button and you can end up deleting a complete table! Well, you can use them while starting off with the application, but as the complexity of the schema grows, they too become cumbersome to use. Speaking of ‘cumbersome’, would it not be good if someone just created a form automatically, with you needing to only feed data to the DB? How about if someone created reusable, ready-to-use controls for your database columns, so you could use them in your Web app without writing the code for it? Does it sound like you need to pay money to people employed for the job? To me, it does not. QCubed’s Codegen goes a step forward, and creates forms that allow you to insert data. The good thing is that these forms are made of modular controls. A form is built for each table. Each form in itself is a panel which contains MetaControls (explained later) and they, in turn, contain input controls for each column of the table. The pages that contain the data entry forms are called ‘draft’ pages—so named because they can be used as a draft to help you build your applications. The forms come with the following benefits: 1. Form validation—This prevents you from entering invalid data. For example, if you try to enter characters in a textbox that is supposed to receive only integers, it will show an error. This function implements the ‘maxlength’ attribute of text input controls to prevent you from entering extralong text for varchar columns. A NOT NULL field cannot be left empty, and so on. If done manually, creating the validation system will take a lot of time. 2. Foreign key controls—If you have a foreign key column in a table, then the respective input control for that column in the ‘Codegened’ form would be a drop-down list (HTML select element) of values representing rows in the related table. Easier than referring to the table in another tab and entering data manually, right? 3. CRUD—You can use this to create a new row, update an old row or to delete one.

Figure 1: Codegened forms come with form validation based on column constraints

OPeN SOurCe fOr yOu | february 2013 | 39

Developers

Let's Try

MetaControls

The magic of draft forms is given to you for programmatic use, piece by piece. The forms are built using MetaControls, which too are automatically generated, one for each table. Every MetaControl contains methods to create input controls for each column in the table. So, for example, if you want to create a page that contains the text-box for entering a blog post title from your example database, all you would need to do is: // Create a textbox on the page $this->txtTitle = new QTextBox($this); //Create MetaControl for new Post $mctPost = PostMetaControl::Create($this, null, QMetaControlCreat eType::CreateOnRecordNotFound); // Get input control from MetaControl's creator function $this->txtTitle = $mctPost->txtTitle_Create();

And the textbox ‘txtTitle’ would contain all the limitations for the title column of post table in place; just render it! Now how can you get it done easier? If the above code does not make any sense, you can either have a look at it in the second part of the QCubed examples site, or wait for the next article in the series, when we cover how QCubed helps you build Web pages real fast. MetaControls are created depending on the data-type of each column. For example, if the data type is varchar, then the control would be a textbox; if it is text, the control would be a textarea element; if it is Boolean, the control would be a checkbox; and if it is a foreign key, it will be a drop-down select element. The MetaControls also contain information needed for validation, so that a form submission does not result in an error from the database. They are available for programmatic use, and you are probably never going to write validation logic for database columns again. In addition to the goodies mentioned above, QCubed also generates an AJAX control panel, which brings all the forms to one place, and can easily serve as the central control panel for all data you use in your Web app.

DataGrids

If you want to find all the posts that contain the word ‘Google’ in the title and the word ‘California’ in the body, perhaps the only way would be to write the appropriate query. Even with tools like phpMyAdmin, the process is not too simple—you either have to write queries or select tables and columns manually before you can query the database. Well, it might not be needed with QCubed since it comes with controls called QDataGrids, which make searching in tables a lot easier than it would be otherwise. During the Codegen process, each table also receives its own MetaDataGrid, which can be used to present the table in the database as a table on the screen. QDataGrids are limited neither to a single table nor to Codegen. You can create one of your own to present data U

Figure 2: QDataGrids: Easy-to-use tables with search options

from multiple tables. You can select which columns you want to be sortable and/or searchable as well. However, there are a couple of drawbacks with QDataGrids: You cannot use the search or sort feature across columns that belong to two different tables. But you can display data from two tables in one QDataGrid using the templating feature they possess. You cannot create a QDataGrid using a hand-written query—you must use QCubed’s built-in database querying mechanism called QQuery. This is because QDataGrids cannot work on raw result sets in array format. They work only with objects.

How to run Codegen

Once you have the framework configured, running Codegen is straightforward. To configure the framework, you need to open the 'includes/configuration/configuration.inc.php.sample' file and change the values for __DOCROOT__, __VIRTUAL_ DIRECTORY__ and __SUBDIRECTORY__. Also, you need to set the database parameters in DB_CONNECTION_1. "After making the changes, save the file as 'includes/configuration/configuration. inc.php. Now, you need to open the base QCubed installation address from the browser. That is to say, if your DocumentRoot directory is /var/www and you installed QCubed in /var/www/ lfy then you should open the address http://localhost/lfy. If you have not configured something right, the automated configuration checker will try to help you out. You should see a ‘Start’ page showing the current configuration, details about the framework and important links to help you. It would also let you know of any other problems detected— for instance, if you entered wrong parameters for database configuration, that would be shown here as well. In addition, if there are file-system permission issues, that too is reported. QCubed needs permissions to create and alter files in certain directories where it would put the Codegened files. The file-system permission issues are checked during the config-check as well! On the ‘Start’ page, you get the link to run the Codegen, so click on it. I recommend that you take a backup of the index.php file that comes along before modifying or replacing it with one of your own, as it contains important links you would need time and again. Once you have configured the framework with one database, you can add more databases to your app defined as DB_ CONNECTION_2, DB_CONNECTION_3 and so on. Remember, however, that simply adding database connections would not run Codegen for all of them. You need to add Codegen parameters for each of them in the codegen_settings.xml file (in the same directory), in which various options and their effects have been

Let's Try explained. It is imperative to remember that duplicate table names across databases added to the configuration would raise a warning because the two tables would get duplicate class names during Codegen. Typically, Codegen will raise an error when such issues arise. To counter this, set prefix and/or suffix values for classNames in codegen_settings.xml for the database whose ORM class files you would want to carry the prefix/suffix.

Location of files

The location of files generated during the Codegen process depends on the type of file. Here is a list of locations where the Codegened files are stored: 1. includes/meta_controls/generated/: The files in this directory contain the actual code for MetaControls and DataGrids (in MetaControl-Gen and DataGrid-Gen classes) and are overwritten each time Codegen runs. They should not be used to store any custom logic for the generated MetaControls and DataGrids. 2. includes/meta_controls/: This directory will contain the class files where you can write your custom logic for the MetaControls and DataGrids because they are created once and are not overwritten on subsequent code generations. These are directly derived from the MetaControlGen classes. 3. includes/model/generated/: Contains ORM-Gen class files for each table with the functions we discussed earlier. They are overwritten on subsequent code generations and these too cannot hold any custom code you write in them. 4. includes/model/: Contains the ORM class files that you should use while designing your application. They are not overwritten and are one great place to store your custom methods for each table separately! 5. includes/formbase_classes_generated/: Contains the abstract classes to derive from, for creating pages to list and edit entries in tables, updated on each Codegen run. 6. drafts/panels/: Contains Codegened panels that can be directly used for creating, editing and deleting entries in tables. They use MetaControls for the respective tables and add the ‘Save’, ‘Cancel’ and ‘Delete’ buttons for CRUD functionality. These panels are reusable in your application, and are recreated on each Codegen. 7. drafts/: Contains individual pages for CRUD functionality for tables. They are overwritten each time Codegen runs. In addition to the files created to work upon tables, the QCubed Codegen system also updates three special files located in includes/model/generated. The files are: _class_ paths.inc.php, _type_class_paths.inc.php and QQN.class.php. These files are vital to the autoloading feature in QCubed, and must not be tampered with.

Using the generated code

You have got ORM classes, draft forms, panels, MetaControls and DataGrids. Where and how to use them is, of course, up to you and the design of the app. However, there are a few recommendations that will help you along the way:

Developers

Do not ever alter any files which are over-written on Codegen. You would only lose your work. Use ORM class files to write any code that works on table data directly. This will facilitate organisation of code, and reduce the number of custom files you need to create; e.g., if you want to create a method that loads objects using a nonindexed column, the ORM class is where you should define it. Choose drafts pages and the AJAX panel over phpPgAdmin (or phpMyAdmin) for inputting data—they are safer and come with validation logic. If you want to show a control on your Web page, which directly relates to a table in the DB, try to use MetaControls rather than creating a new control, time and again. You can alter the looks and behaviour of input controls you get via MetaControls. If you alter the columns (e.g., alter the length of varchar fields), Codegen will update the constraints on the MetaControls, making sure you do not have to rewrite the logic. Feel free to copy the MetaControls, Panels, Controls and Pages generated by Codegen and create your own classes by modifying them—they are there to help you, not to restrict you. However, do check for changes in schema since your custom files are not automatically updated. If you simply want to ‘add’ a functionality, it is better to create a new class inheriting from the generated class (much the same way ORM classes are inherited from ORM-Gen classes). Directory locations are also controlled using variables defined in configuration.inc.php. If you want to change their location, you can. Though QCubed gives you the freedom to write your custom queries, do it when QQuery does not satisfy your needs perfectly. Try to stick to the generated classes wherever you can—it saves labour. DataGrids should be used to create simple tables with basic search functionality. DataGrids are not SEO friendly—they never provide a hyperlink to the second (and subsequent) page results; instead, work using actions and events. Use your own pagination if you require SEO. Your draft pages can be used to change data. Set ALLOW_ REMOTE_ADMIN to ‘False’ in the configuration file to make sure that access to them is restricted. All the above are suggestions, not rules. If you have a reason to, you can violate them (e.g., when you want to access the draft pages on your website from a remote computer, you should set ALLOW_ REMOTE_ADMIN to your public IP address). Use Codegen as an aid and it will reduce about 70 per cent of your workload straight away—you must have already realised how!

By: Vaibhav Kaushal The author is a 25 year old college dropout from Bangalore who also happens to be a core contributor to QCubed. He loves writing for technology magazines and his blog when he is not busy fiddling around with QCubed or developing his website (http://www.c-integration.com/).

OPeN SOurCe fOr yOu | february 2013 | 41

Developers

Overview

Implementing HTML5 WebSockets Using Java Intended for those who know the basics of HTML, JavaScript, Java and JSP, this article shows readers how to use the new HTML5 WebSocket API, which allows full duplex communication between client and server.

f you open a connection to a server with the new ws protocol (unlike AJAX, where clients poll the server for updates), WebSocket allows the server to send messages to the clients—to push data instead of pulling it.

Polling, long polling, streaming, and WebSocket

In polling, the client polls the server at regular intervals asking for updates; the server replies with any updated content if available. In long polling, the client makes a connection to the server, which is kept alive until the server has an update. After the update is sent to the client, the connection is re-established and held open until another update is obtained from the server. In streaming, the client creates a connection to the server and this connection is never ended; updates are sent to the clients indefinitely. Now with WebSockets, the client makes a new connection with the ws protocol; the server registers the client and then pushes data to it when an update is available.

Client-side API

The WebSocket object attribute websocketobjext.readystate shows the different stages of connection establishment; the possible values and meanings are: 1) The connection is not yet established; 2) The connection is established and communication is possible; 3) The connection is at the stage of closing the handshake; and 4) The connection is closed. The websocketobject.bufferedamount attribute shows the number of bytes queued to send. WebSocket events include onopen(), triggered when a connection is opened; onclose(), when it is closed; onerror(), when any error occurs; and onmessage(), when a new message is received from the server. WebSocket methods include send() to send a message to U

the server, and close() to close an established connection.

Server-side implementation

You need a server-side implementation for WebSocket to work, of course, and for this you use WebSocketServlet, a new type of servlet available in Tomcat 7.0.32; see the API documentation at http://bit.ly/W6sR16. WebSocketServlet methods include verifyOrigin(String origin), which helps check the origin of the message (the domain name of the server to which the client is connected) letting you allow or deny messages from a list of servers. Then there's createWebSocketInbound(String subProtocol, HttpServletRequest request), invoked when a client makes a new WebSocket connection request; it returns an object of type streaminbound, representing a connection. The API doc is at http://bit.ly/V7Lt66. Its methods include onopen(wsoutbound outbound), invoked when a new connection is established; onclose(int status), if an existing connection is closed; ontextmessage(charbuffer message), when a client sends a text message to the server; onbinarymessage(bytebuffer message), likewise, but message is binary. The requirements to be able to use this are Tomcat 7.0.32, JDK (a recent version), and Firefox/Chrome. An example of a simple chat application is available at http://www.linuxforu. com/article_source_code/feb13/ By: Shyam Chandran The author is a Web developer based in Kochi. He is an open source enthusiast, bordering on being an evangelist. He enjoys drinking lots of coffee, hacking through the night on his Tux machine, and going on nice long rides on his Royal Enfield. Queries? Please contact him at shyamchandranmec@gmail.com.

How To

Developers

Dynamic Program Analysis Using Valgrind: A Jump-start Guide This article introduces Valgrind, a dynamic instrumentation framework to detect memory errors. The MemCheck tool, which comes as a part of the Valgrind framework, is used for this purpose. Throughout this article, the use of the term Valgrind implies the Valgrind MemCheck tool.

emory errors lead to segmentation faults, which are very common while dealing with pointers in C/ C++ programming. It is always easy to identify and solve compilation errors, but the task of fixing segmentation faults is tedious without the help of any tools. The GNU Project Debugger (GDB) and Valgrind are two elegant tools available in the open source community that are useful for fixing these errors. GDB is a debugger, while Valgrind is a memory checker. Unlike GDB, Valgrind will not let you step interactively through a program, but it checks for the use of uninitialised values or over/underflowing dynamic memory, and also gives you the cause of the segmentation fault.

Passing system call parameters with inadequate buffers for read/write; i.e., if your program makes a system call passing an invalid buffer (a buffer that cannot be addressed) for either reading or writing. Attempting to write read-only memory. Trying to dereference a pointer that is already freed. All these situations can give rise to memory errors, causing the program to terminate abruptly. This is particularly dangerous in safety- and mission-critical systems, where such abrupt program termination can have catastrophic consequences. Hence, it is necessary to detect and resolve such errors that can lead to segmentation faults. The Valgrind open source tool can be used to detect some of these errors by dynamically executing the program. Segmentation faults Valgrind notifies the user with an error report for all What is a segmentation fault, and how is it generated? A program uses the memory space allocated to it, which includes the above scenarios. The error detection is performed by the stack, where local variables are stored; and the heap, where tracking all the instructions before the execution of that particular instruction, and checking for memory leaks. This memory is allocated from during runtime. Remember that tracking is done by storing the data about the state of each memory is allocated dynamically at runtime, using keywords memory location before the execution of each instruction, such as ‘malloc’ in C or ‘new’ in C++. Now consider the known as meta-data, in what is called shadow memory. following scenarios: Note that each time the meta-data is analysed to check for Not releasing acquired memory using delete/free. memory leaks, it may lead to an overhead which makes the Writing into an array with an index that's out of bounds. Trying to reference/dereference a pointer that is not yet initialised. program slower to analyse dynamically.

OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 43

Developers

How To

Memory faults may not cause significant damages in small programs, but can be extremely dangerous in safetycritical applications and can have disastrous consequences; for instance, a segmentation fault in a medical application may lead to loss of lives. Hence, one must be extremely careful about memory leaks.

Detecting memory errors using Valgrind

In this section, let us explore how to use Valgrind to detect memory errors in a program written in C/C++. Apart from the MemCheck tool, the Valgrind distribution also includes thread error detectors, a cache and branch-prediction profiler, a call-graph generating cache and branchprediction profiler, a heap profiler and three experimental tools: a heap/stack/global array overrun detector, a second heap profiler that examines how heap blocks are used, and a SimPoint basic block vector generator. Valgrind-3.8.1 is the latest stable version, which has been used for this article. The following platforms support Valgrind: X86/ Linux, AMD64/Linux, ARM/Linux, PPC32/Linux, PPC64/ Linux, S390X/Linux, MIPS/Linux, ARM/Android (2.3.x and later), X86/Android (4.0 and later), X86/Darwin and AMD64/Darwin.

Debugging with Valgrind using MemCheck

To analyse this program using Valgrind, run the following command: $ valgrind --tool=memcheck --leak-check=yes ./eg1

You will get the following output: ==5215== Memcheck, a memory error detector ==5215== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==5215== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info ==5215== Command: ./eg1 ==5215== ==5215== ==5215== HEAP SUMMARY: ==5215== ==5215==

in use at exit: 4 bytes in 1 blocks total heap usage: 1 allocs, 0 frees, 4 bytes allocated

==5215== ==5215== 4 bytes in 1 blocks are definitely lost in loss record 1 of 1 ==5215==

at 0x402B87E: operator new(unsigned int) (vg_replace_

malloc.c:292) ==5215==

by 0x8048528: main (eg1.cpp:7)

==5215==

Unlike Java, languages like C or C++ do not have a garbage collector, which is an automatic memory manager for collecting memory occupied by unused objects in the program. Hence, there exists a significantly higher chance for memory faults to occur. One major issue with memory faults is that the error leads to a failure only during runtime. Thus, tools like Valgrind play a major role in detecting memory faults, without which debugging such errors becomes troublesome. Given below is a demonstration of how to use Valgrind with the following code. It explains the scenarios listed earlier:

==5215== LEAK SUMMARY:

#include<iostream>

The number 5215 is the process ID of the program. Additionally, the tool provides information about various other properties of the program like heap summary, leak summary and error summary. Heap summary provides details regarding calls to malloc/new/free/delete. In the above output, the count of memory allocations and frees is mentioned; if not the same, it indicates a memory fault. The leak summary gives the amount of memory leaked; in the above example, this is 4 bytes, as shown. The error summary provides an overview about the total number of errors. In this example, the memory allocated is not released using the delete() instruction. Thus, the 4 bytes are considered as ‘definitely lost’ as given in the leak summary, which indicates that your program is leaking memory. Let us complicate our example code by adding the following, in order to consider Scenario 2:

#include<stdlib.h> using namespace std; int main() { int *x; x = new int(20); // no delete() used to release memory allocated return 0; }

Let us compile the above code using the following command: $ g++ -g eg1.cpp -o eg1

44 | FEbRUaRY 2013 | OPEN SOURCE FOR YOU

==5215==

definitely lost: 4 bytes in 1 blocks

==5215==

indirectly lost: 0 bytes in 0 blocks

==5215==

possibly lost: 0 bytes in 0 blocks

==5215==

still reachable: 0 bytes in 0 blocks

==5215==

suppressed: 0 bytes in 0 blocks

==5215== ==5215== For counts of detected and suppressed errors, rerun with: -v ==5215== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

How To

Developers

x[20] = 1; //Invalid write as x[20] is not allocated any memory

for the latest version, after which, follow the steps given below:

Remember that here, x[20] being assigned a value is not a valid operation; hence, this will lead to a segmentation fault. We know that the size of x is just 20 and hence accessible locations are x[0] to x[19], so x[20] is an invalid address, and writing to it is an invalid write. On compiling the code and running it in Valgrind, you will get the following response:

$ bzip2 -d valgrind-XYZ.tar.bz2

==5235== Invalid write of size 4 ==5235==

at 0x804853A: main (eg1.cpp:8)

==5235== Address 0x4328078 is not stack'd, malloc'd or (recently) free'd

The output indicates there is an invalid write of size 4 happening at location 0x804853A, i.e., at Line No 8 in the main function of the program. In other words, it gives you the type of error and the stack trace, which gives you the location of the error. Let us now add the following lines to our example code, to consider Scenario 3. if(x[1] == 0) // x[1] is not assigned any value. Hence invalid

$ tar -xf valgrind-XYZ.tar $ ./configure $ make $ make install

Using Valgrind during software development can improve the quality of the software being developed. To get more information about Valgrind, please refer to the home page, http://valgrind.org/ References [1] [2] [3] [4] [5] [6]

http://www.cprogramming.com/debugging/valgrind.html http://valgrind.org/ http://valgrind.org/downloads/ http://cs.ecs.baylor.edu/~donahoo/tools/valgrind/messages.html http://www.around.com/ariane.html http://valgrind.org/docs/manual/faq.html#faq.deflost

By: Sreepriya C The author is a FOSS enthusiast and is also interested in cyber security. Currently, she works on mastering various tools for debugging and disassembling binaries for reverse engineering.

read. cout<<"Hello";

There is an invalid read happening in the new line. Remember that we did not assign any values to the array. Therefore, x[1] has a garbage value and reading that is an invalid read—a memory fault. On compiling and running the program in Valgrind, you will get the following output: ==5244== Invalid read of size 4 ==5244==

at 0x80485D7: main (eg1.cpp:9)

==5244== Address 0x432802c is 0 bytes after a block of size 4 alloc'd ==5244==

at 0x402B87E: operator new(unsigned int) (vg_replace_

malloc.c:292) ==5244==

by 0x80485B8: main (eg1.cpp:7)

Note that MemCheck does not report an error when it finds uninitialised data, but reports only when uninitialised data is used in the program. You can explore the other scenarios in a similar way, if you are interested. Valgrind effectively finds unpaired calls to new/malloc and delete/free, invalid memory operations like read and write, and detects system calls with inadequate read-write parameters.

Installing the Valgrind framework

Valgrind is available from the Ubuntu repositories. You can check the repositories for other distributions, or directly install the program using the source from http://valgrind.org/downloads/

OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 45

Joy of Programming

Guest Column

S.G.Ganesh

Learning from Mistakes Older engineering disciplines, such as civil and mechanical engineering, matured over decades of trial and error. Software engineering is still an emerging discipline and its practitioners also need to learn from past failures, as well as from other engineering disciplines to improve its practices.

ompared to civil engineering, which evolved over the last few millennia, the very term ‘software engineering’ was coined only in 1968, at the first NATO software engineering conference held in Garmisch, Germany. Though electrical and electronics engineering too have matured over time, we cannot wait decades for the software engineering discipline to mature. As software engineers, we can learn from failures, and try to find ways to overcome them. Many of the failures, accidents and disasters related to software are well-known today. In the past, software failures have had varying impacts, from minor inconveniences and monetary losses to adversely affecting day-to-day life, to even causing the loss of human lives. Software defects in mobile phones and media players cause minor inconveniences. For example, the Zune media players froze on December 31, 2008, which was the last day of a leap year that the software did not check for. A missing check for validating the input in the onboard software caused the USS Yorktown (a warship in the US Navy) to be stranded at sea for a few hours in 1997. Because of some software defects, Toyota’s Prius cars “accelerated unintendedly”, causing accidents, following which, thousands of cars were recalled, causing millions in losses to the company. In 198587, six people were killed because of an overdose from Therac-25 radiation therapy machines – a result of software malfunctioning. Hence, we can learn from these software failures and also from the history of other engineering disciplines. In fact, some of the earlier disasters have striking similarities with the software disasters that we are familiar with today. Let’s look at an example.

The Vasa

Sweden was one of the major military powers in the 1600s. In 1625, Sweden’s King Gustav II Adolf ordered a large warship to be built to strengthen the country's naval war capabilities. It was called the Vasa. He assigned this task to an experienced ship-builder named Henrik. Based on the descriptions that the king gave, Henrik designed the ship to carry 32 guns, each weighing 10.88 kg (24 lb). With that plan in mind, he built an approximately 33.52 m (110 feet) keel. Meanwhile, King Gustav learned about Denmark’s plan for a larger ship; so he ordered that the Vasa be enlarged so as to have a 41 m (135 feet) keel. Further, he wanted to introduce two enclosed gun decks in the ship, which was an innovative feature for ships of that time. As the construction of the ship progressed, the king suggested a series of changes, finally deciding that the Vasa must be able to carry 64 guns (each 10.88 kg/24 lb), with many small guns as well. The architect Henrik died before completing the ship, and his assistant Jacobsson was made the architect of the ship. With no written specifications or documents, Jacobsson continued with the ship’s construction with whatever limited understanding he had about the original plans. Before launch, a ‘stability test’ was conducted; the ship rocked violently, and the test was stopped, but fearing the wrath of the king, the architect hid the problems about the ship from the monarch. When Poland threatened war, the King ordered the ship to be launched as soon as possible. On August 10, 1628, on its maiden voyage, the Vasa sailed only 1,300 metres before it sank, killing 53 sailors. This resulted in a huge economic loss and humiliation to Sweden.

Continued on page no 52

Overview

Admin

Top

Web Log AnALysers

Today’s Web hosting data centres deploy multiple servers, running many operating systems. With the growing number of online businesses, it's important to know how many customers reach your websites. Beyond just the number of hits, it is imperative to understand customer behaviour and market trends, which needs Web analytics. This article looks at the top 10 analysis tools for website access, categorised by popularity, functionality and ease of use. They are, essentially, must have gadgets in every network administrator’s toolbox.

ebsites directly catering to a business are always complex for the business owner, as well as the technology support team. Owners want to know things like how many hits are generated over a period of time, and also which product pages are being accessed more frequently than others. This information is essential for them to correlate it directly or indirectly with the sales and profit figures. The owner would also be interested in customer trends. For example, they may want to find out if Web users are trying to access a particular set of products just because those products are on discount. From the technology support standpoint, administrators want to ensure the reliability and stability of their websites.

If the Web hits are increasing, they would want to know what impact this can have on CPUs and memory usage, as well as on the network throughput. Similarly, it would be important for them to know if and when the servers' hardware needs upgrades, or when to add more Web servers into the pool. Another requirement could be to troubleshoot website-related problems by looking at the HTTP error field (for instance, a 404 means that links on the website point to non-existent pages, causing a bad user experience). Web servers create detailed and verbose Web logs in the form of text files. All fields are important for analytics; however, Table 1 lists fields that are crucial for analysing website usage and trends. OPeN SOurCe fOr yOu | february 2013 | 47

Admin

Overview

Table 1

Important log fields for Web analysis Date and time IP address URL accessed Protocol (HTTP or FTP) Browser type OS type Cookie Site referrer

Web analysers parse the details of those text files to carry out an analysis. For example, by sorting based on the source IP address, we can find out how many hits were generated by a particular Web client; or by intelligently sorting through the Web page file names, we can know which pages are hit the most. Based on the values in the browser field and OS type, it is easy to know the number of Windows machines running the IE browser or Firefox, Mac users running Safari, etc. As you can see, all this information is extremely useful to tune the website according to the users’ experience, thus increasing traffic and leading to better business.

Top 10 Web analyser tools

Given below is our list of top 10 tools for Web analysis for mid to large IT Web infrastructures. We selected these tools based on their popularity, deployment base, and simplicity to install, configure and put to use. The list contains a few tools that can perform on-the-fly Web analysis, which can help in troubleshooting website code-related problems. AWStats: Though this is one of the first-generation tools, it is still widely used. Written in Perl, it works well on multiple platforms. A great feature of AWStats is that it supports virtually all popular Web servers’ log formats, right from Microsoft IIS and Linux Apache to O’Reilly Web servers. It is capable of creating customisable views, including bar graphs and pie charts, thus offering a clear insight into Web traffic statistics. AWStats is meant for small to medium infrastructures, where log files are not too heavy to process. This tool is managed and updated at http://awstats. sourceforge.net. Webalizer: Unlike various GUI-based tools, Webalizer is a complete command-line-operable utility, which makes it popular among Linux and UNIX administrators. It has its own small configuration language, which can be used to decide how the tool should read and parse the log files, and the fields in it. For example, configuring its IgnoreSite option with an internal IP address range can help get rid of internal Web traffic, and focus only on external hits. Due to its extensive command switches, it can be used in a scheduled job to perform the daily administrative tasks of looking into Web logs or automatically creating useful reports. This tool can be downloaded from http://www.webalizer.org.

Piwik: When many log files contain huge amounts of information, it becomes cumbersome and time-consuming to parse those. This needs a faster log parsing tool, and Piwik solves the problem. Besides just the typical Web analysis, Piwik comes with a set of plug-ins to enhance the reporting styles. For example, its GeoIP plug-in can be utilised to map source IP addresses in the logs to a particular country, state or city. While supporting multiple platforms, it has its own Python-based command interface to get the most in terms of reports. Today, many Web hosting facilities use Piwik, and also provide its customisable Web user interface to their customers as an offering. This tool can be found at http://piwik.org. OpenWebAnalytics: Written in PHP and using MySQL as the back-end, this utility comes in handy especially when administrators want to collaboratively process the logs of multiple websites together. OpenWebAnalytics is capable of processing really large logs, and can optionally fetch those directly from a database format too. Unlike many other professional tools, this open source version can provide a clickstream report, whereby the users clicking on a Web page are shown in a date-and-time format. This helps code troubleshooters to know exactly what the Web user did, and they can try repeating those steps to replicate the problem. It can also create a heat-map type of report, segregating the website into most-hit and least-hit pages, shown in the form of colour gradients for easy understanding. This tool is available at http://www. openwebanalytics.com. Deep Log Analyser: This tool is a typical Web analysis utility. However, unlike most other tools, it is very useful to process FTP logs. Besides the standard reporting, it can create a list of keywords and the hits on the Web pages that contain that keyword too. This is especially important for SEO (Search Engine Optimisation). The tool uses a standard MS-Access style database format, which can be exported to any other database engine and queried with standard SQL for further customisation of reports. For small infrastructures, Deep Log Analyser can be more than adequate to get visibility for a Web business. This tool can be found at http://www. deep-software.com. FireStats: This tool comes equipped with features meant for a different audience. Today, most websites are being developed in open source content management systems such as Drupal, Joomla or WordPress. These systems have their own unique styles of handling file names, cookies and other parameters. FireStats is capable of interpreting cookies found in the Web log files, as well as the names of code files accessed by the user, and segregating information for each CMS in use. It can translate the report into multiple languages. Unlike many other tools, FireStats can be installed on the Web server, and it can act as a silent background

Overview service, parsing traffic to create instant reports. This tool is available at http://firestats.cc. GoAccess: For Linux administrators who want immediate insight into their websites, GoAccess is probably the best choice in the open source world. A great feature of this tool is that it can work in real time, which means that administrators can pull up a report by querying the service, on the fly. This report, however, is not in HTML format, but certainly gives enough information to know exactly what is happening on the Web server—which files are being accessed at that moment, the errors occurring with the Web engine at that time, etc. Besides this, it is capable of supporting the IPv6 protocol, and can also parse any custom log format. This makes it a must have tool, especially for parsing logs of network components and devices. It is available at http://sourceforge.net/projects/goaccess. Web Forensik: While many analytics tools focus heavily on the website usage statistics and patterns, Web Forensik focuses more on the security angle of a website. It is specifically written for the Apache log style; however, with proper log file conversion, any Web server log file can be processed. Many Web developers don’t have any insight into the security of their code. Web Forensik is capable of finding commonly known Web attacks such as crosssite scripting, cookie injection and SQL injection. During and after development, the team can subject code to such common attacks using penetration testing tools, and put the Web Forensik utility to work, to find which code files may have security loopholes. Besides this feature, it can also show output in a graphical form to create meaningful reports. The utility is available at http://sourceforge.net/ projects/webforensik/. AW Log Analyser: Although this tool is not exactly free, there is a ‘Lite’ version, which is open source. This tool focuses more on the search engine robots. As we know, each search engine traverses websites using pre-defined bots, which leave access trails in the Web log files. AW Log Analyser has a built-in parsing mechanism, which can find out whether or not the website was accessed, by each of more than 400 different search engines. This is important from the business perspective, to understand where to channel the marketing efforts. To serve this purpose better, it can list the pages that receive the most hits from visitors, but not by search engines, and vice versa. It can work in offline mode too, where multiple accumulated past log files can be processed to get historical trend reports. This tool is available at http://www.alterwind.com/loganalyzer. WebLog Expert: This is again a semi-commercial tool, with a paid enterprise version and a free lite version. This is a traditional tool for users who want to perform basic log analysis on their Windows desktop, while the log files to be parsed can be either in IIS or Apache format. A unique feature of this tool is that it can perform reverse DNS lookups to

Admin

try finding domain names of the source IP addresses found in the logs. It also contains a built-in database to map IP addresses to countries. This tool is available at http://www. weblogexpert.com. A Web log analyser is an essential tool for Web administrators from the technology as well as business standpoint. While selecting an analyser, the focus should be on ease of use and the quality, as well as the details highlighted in the graphical report output. A powerful Web log analyser provides great insight into the customers accessing the website and their mind-sets, which makes these tools essential for decision-making. Note: Tools mentioned in this article are purely to bring clarity to the subject of Web analytics. The order in which these tools are mentioned is not intended to undermine any tool’s ratings or features. By: Prashant Phatak The author has over 22 years of experience in the field of IT hardware, networking, Web technologies and IT security. Prashant runs his own firm called Valency Networks in India (http://www.valencynetworks.com) providing consultancy in IT security design, Security Penetration Testing, IT Audit, infrastructure technology and business process management. He can be reached at prashant@valencynetworks.com.

OPeN SOurCe fOr yOu | february 2013 | 49

CODE

SPORT

Sandya Mannarswamy

In this month’s column, we celebrate the 10th anniversary of LFY/OSFY by looking back at how programming languages evolved over the last 10 years, and look ahead to what is in store for us over the next decade.

elcome to a special edition of CodeSport. As you know, this month, we are celebrating the 10th anniversary of LFY/ OSFY. This edition carries a number of articles featuring the ‘Top 10 …’ in various domains, in celebration of our 10th anniversary. Celebrating 10 years is a grand milestone for LFY/OSFY. As we have journeyed through the last 10 years, the world of programming languages has witnessed many a change. In this month’s column, we take a nostalgic look at how programming languages evolved over the past decade, and provide a peek into what the next 10 years may hold for us.

Programming languages over the past 10 years

Over the past 10 years, there have been many changes in programming languages, influenced by events in the software development ecosystem. We started 10 years back with the Dot Com boom and the bubble then burst; we went through the ‘Web 2.0’ revolution, and are currently being swept along by the ‘Mobile Momentum’ and ‘Big Data’ explosion. Java ascended the throne of programming languages with the Dot Com boom and still continues to rule a significant part of the kingdom. The Web 2.0 revolution heralded the age of scripting languages. JavaScript became the de-facto client-side Web programming language. Python, Perl, PHP and Ruby came of age as mainstream development languages in the course of the Web 2.0 revolution. ‘Mobile Momentum’ gave us Objective-C and enshrined Java in Android. The Big Data explosion moved the spotlight from ‘Code’ to ‘Data’ and it became cool and nerdy for computer science graduates to re-invent

themselves as ‘Data Scientists’ instead of as ‘geeky programmers’. Programmers learnt to develop skills in statistics, machine learning and data mining, as well as in traditional coding and testing techniques. Given these developments in the software ecosystem, the popularity of different programming languages has fluctuated widely over the past 10 years. The well-known TIOBE programming community index (http://www.tiobe.com) measures the popularity of programming languages. It is enlightening to look at what languages were popular in 2003 and compare them with the TIOBE index in 2013. Look at Tables 1 and 2. Can you guess which table reflects the popular languages of 2012 and which shows 2003’s Top 10? It is pretty obvious that Table 2 deals with 2013; the dead giveaway is the presence of Objective-C as third most popular, propelled by the mobile app development focus on iOS. Table 1 gives the popular programming languages of 2003. It is interesting to compare the two tables that are 10 years apart. C, C++ and Java continue to rule the roost. Performance-intensive system software code still gets written in C or C++. The majority of application development is still in Java. Mobile application development on iOS and Android accounts for the popularity of Objective-C and Java. C# popularity can be attributed to Web/ mobile application development on the Windows platform. Python’s popularity and adoption has increased considerably over the last 10 years. If you are wondering where Ruby is in Table 2, Ruby was the 11th most popular programming language as of January 2013, and hence did not make it to Table 2. More detailed comparisons of

Guest Column programming languages are available at http://bit.ly/rItE. It is interesting to note that, by 2013, the scene is much more democratic, with many languages being quite popular— the language at first position (namely C) has only 17.85 per cent of the overall votes, with Java being a close second with 17.41 per cent. This is a major shift in trend from 2003, when C, C++, and Java accounted for nearly 70 per cent of the overall popularity votes. We consider this an important trend, which is likely to continue. This is significant for programmers, because it is no longer enough for you to be an expert in a single programming language, say C or C++ or Java. Today, the expectations are that given a particular software project, you should pick up the language that is most suited for it, rather than sticking with the language of your expertise. Therefore, programmers are expected to be experts in multiple languages, and keep their skills sharpened as newer programming languages appear on the scene. For example, consider Scala, which appeared on the scene in 2003 as a better form of Java, bringing functional programming to Java. Today, Scala is employed by major deployments such as the Twitter platform, appearing as the 33rd most popular programming language on the TIOBE index. On the alternate popular programming language index http://redmonk.com/sogrady/2012/09/12/ language-rankings-9-12/ Scala appears in the 12th position (RedMonk ratings are based on usage information from http://www.stackoverflow.com and GitHub). A number of new programming languages have appeared on the scene. These include ‘GO’ and ‘Lua’, and are gaining popularity. One of the other interesting facts about the evolution of programming languages is the type of language features that have appeared in them. Functional programming support, dynamic typing and concurrency support are some of the interesting features to look at. Almost every imperative language—C, C++ or Java—has been trying to borrow elements from functional programming. Language support for Lambda expressions is today available in C++ and Java directly, and a plethora of libraries exist to complement functional language support for Java and C++. While Java has been supporting concurrency as a first-class citizen from the beginning, C++ recently added concurrency support in the language. While statically typed languages like C, C++ and Java still continue to rule the roost, many popular scripting languages like Python, JavaScript and Ruby are dynamically typed. Another point to note is the rise of scripting languages support for JIT compilation with Python—Ruby and JavaScript support JIT compilation in various forms.

The road ahead for the next 10 years

We have seen languages moving from being closer to the hardware, such as C and assembly language, to higher-level

Table 1

CodeSport

Table 2

Programming Language Java

Programming Language C

Java

C++

Objective-C

Perl

C++

Visual Basic

PHP

SQL

Visual Basic

Python

JavaScript

Perl

Delphi/Pascal

JavaScript

Position

languages that run on virtual machines, with the underlying hardware being abstracted to a virtual machine for the language writer. Portability and programmer productivity have become the dominant themes, instead of squeezing out the last drop of performance by writing assembly language code. This trend is likely to continue further over the coming years. Given the multi-core evolution in computer architecture, effective support for concurrency will be another dominant theme for programming languages. Unlike imperative languages like C, C++ and Java, which support the notion of program state through shared variables, functional programming is all about functions as first-class citizens, and more importantly, the absence of side-effects such as global variable updates. Therefore, threading and parallelism become quite straightforward in functional languages. We are likely to see increasing support for functional programming being added to imperative languages. Given the difficulties associated with performance-efficient concurrent programming in languages like C, C++ and Java, support for transactional memory is another trend likely to continue in programming languages. I believe that a far more significant change that will take place over the next 10 years is the democratisation of programming. Programming software systems will not be limited to a select few expert programmers, but the languages will evolve and become so much simpler that most people will be able to write programs. The stereotypical geek programmer will slowly give way to the lay-person programmer who has domain expertise. It is not necessary to have advanced, in-depth knowledge in programming to write working code in Ruby or Python. The advent of libraries and frameworks makes it easy to write code quickly with minimal effort. Instead of writing software systems from scratch, programming will be more about writing glue code that ties together functionality from different libraries and frameworks. This trend will be driven predominantly by open source software.

OPeN SOurCe fOr yOu | february 2013 | 51

CodeSport

Guest Column

The next 10 years will be focused on data. Programming languages will evolve so as to facilitate processing of data to obtain actionable intelligence. If Fortran drove the development of high-performance scientific computing, and ‘C’ drove the development of complex system software like UNIX, the next few years will see languages like R, MATLAB and their successors evolve to process and prune data, and present the user with ‘intelligence’ from the data. The last 10 years drove programming languages to evolve towards the Web 2.0 revolution. The next 10 years will be about the evolution of programming languages for ‘Data Science’.

My ‘must-read book’ for this month

This month’s ‘must-read’ suggestion comes from me. It is not for a book, but an article that I strongly believe needs to be read by each aspiring programmer. It is titled ‘Teach Yourself Programming in 10 Years’ by Peter Norvig. For those who don’t know, Norvig is the director of research at Google, and a pioneer in the field of artificial intelligence. (On a separate note, his online class on artificial intelligence available in http://www. udacity.com is a great course to take.) Norvig presents his recipe on how to be successful in programming.

As we all know, there is no easy short-cut to becoming a successful programmer—no matter how many books you read that promise to teach you to be a C, C++ or Java programmer in three or 21 days. The article is available at http://norvig.com/21-days.html. If you have a favourite programming book or article that you think is a must-read for every programmer, please do send me a note with the book’s name, and a short write-up on why you think it is useful, so I can mention it in the column. This would help many readers who want to improve their coding skills. If you have any favourite programming puzzles that you would like to discuss on this forum, please send them to me, along with your solutions and feedback, at sandyasm_AT_ yahoo_DOT_com. Till we meet again next month, happy programming and here’s wishing you the very best!

By: Sandya Mannarswamy The author is an expert in systems software and is currently in a happy state between jobs. Her interests include compilers, multi-core technologies and software development tools. If you are preparing for systems software interviews, you may find it useful to visit Sandya’s LinkedIn group ‘Computer Science Interview Training India’ at http://www.linkedin.com/ groups?home=&gid=2339182.

Continued from page no 46...

The sinking of the Vasa

This sad, yet amusing, story may strike a chord with many software developers! Unfortunately, most software projects are strikingly similar to the story of how the Vasa was constructed. For example, requirements are volatile, and feature requests keep coming in. People involved in the projects are volatile as well, with key developers moving in and out. Aspects such as specifications and documentation are not given the necessary importance, and are considered a waste of time, especially under the guise of following an Agile/Lean approach. Testing is not automated, and the U

‘big-bang’ method of integration or systems testing is the norm. Finally, let's not ignore the unethical practice of hiding from the ‘king’ the stability problems found during testing and not sharing the obvious fact that the ship is likely to sink. Of all these, I would consider the lack of a disciplined approach to be the major cause of software failure – a factor that still plagues the industry. Yes, of course, agility is important. Hence, what software projects need to succeed is the right balance between agility and discipline, and a culture that learns from mistakes.

By: S G Ganesh The author works for Siemens (Corporate Research & Technologies), Bangalore. You can reach him at sgganesh at gmail dot com.

Overview

Admin

Security is an important part of an administrator’s job. This article presents what the author believes are the 10 most useful security tools.

Nmap

Nmap is an open source tool created by Gordon Fyodor Lyon that supports port scanning, operating system detection, version detection and more. Nmap can be useful to both network administrators and hackers! This very versatile tool for network mapping lets you learn many things about your hosts and their status. You should experiment with it in order to improve your knowledge, and read its man page (man nmap) to learn all about its possibilities. Network scanning is very useful for both checking and improving your network security. It's considered a good practice to periodically run Nmap and check for possible changes to its output.

Tcpdump and WireShark

Tcpdump is a very capable command-line utility that allows you to capture network data. It is based on libpcap, which is an open source C/C++ library for network traffic capture. You can capture your traffic using tcpdump but you can analyse it later using WireShark—another powerful tool that every Linux or network administrator should know about. Tcpdump has relatively simple, yet powerful commands; the

following Tcpdump command captures the traffic of the entire 10.10.10.0/24 network: $ sudo tcpdump net 10.10.10.0/24

WireShark also captures packets, and analyses and displays them in a human-readable format. WireShark allows you to follow a TCP/IP ‘conversation’ between two machines, view the data of the packets, etc. I suggest that you start by first learning Display Filters. The main advantage of WireShark over tcpdump is that it is a graphical application—but there is also a command-line version of WireShark. Remember that WireShark has an overhead, as a GUI application, and can lose network data on a busy network; Tcpdump requires less system resources than WireShark. Before you start capturing, it is better to have in mind a particular problem that you want to solve or examine. This is the first step towards successful network traffic analysis.

Nessus security scanner

Nessus is a vulnerability scanning program that can scan for the following types of vulnerabilities: OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 53

Admin

Overview

Default or blank passwords. DoS attacks against the TCP/IP stack using invalid packets. Various misconfigurations, including old software versions and open mail relay. Various vulnerabilities that may allow a hacker to damage a system. Nessus is free of charge for personal use.

Your firewall

A properly configured firewall can protect your network from possible threats; it will keep external attackers out of your network. You should not forget to check the log files of your firewall software or hardware for odd error messages. I use the firewall capabilities of my Cisco ADSL router to protect my home network.

SQLMap

Nowadays, almost every website uses a database to store and retrieve data. SQLMap is an open source penetration-testing tool for detecting and exploiting SQL injection flaws. It supports MySQL, Oracle, DB2, SQLite, PostgreSQL, Firebird and Sybase.

Aircrack-ng

Aircrack-ng is a set of tools for auditing wireless networks. It supports WEP and WPA-PSK key-cracking. Your wireless network interface should support raw monitoring mode in order to work with it. It can capture 802.11a, 802.11b and 802.11g traffic.

Telnet

The initial purpose of Telnet was to allow users to connect and control machines remotely. The Telnet protocol uses a plaintext TCP connection to transmit and receive data—so when SSH, which uses encrypted and secure connections, was introduced, administrators switched from Telnet to SSH. Telnet is now rarely used to remotely access a UNIX machine, but can still be used for troubleshooting TCP/IP networks and services. The main benefit of using Telnet (run man telnet to see its man page) to manually simulate client-server interactions is that you see the raw data of the connection. Using Telnet to connect to a POP3 server or a website is better for troubleshooting because you see raw output, including control data, and therefore you can better comprehend the problem itself. For example, the following is the output of a successful POP3 transaction using Telnet: $ telnet mail.SOMEDOMAIN.gr 110 Trying 194.63.zzz.xxx... Connected to mail.SOMEDOMAIN.gr (194.63.zzz.xxx). Escape character is '^]'. +OK Greek Schools Network Mail Service (SCH) POP3 ready USER tsoukalos +OK PASS xxxyyyzzz +OK Logged in.

54 | FEbRUaRY 2013 | OPEN SOURCE FOR YOU

LIST +OK 108 messages: 1 1813 2 1816 3 143641 … 107 93059 108 3242 . quit +OK Logging out. Connection closed by foreign host.

Log files

This is not an actual tool, but log files are a very useful source of security-related messages that you should regularly check for abnormal messages. It is recommended that you create small scripts, in your preferred scripting language, to extract unusual messages from your log files. The following simple grep -w command displays the sudo (man sudo) related information found in the system.log file: $ grep -w sudo system.log

The ‘John the Ripper’ password cracker

Weak passwords are the No 1 security threat, so it is part of your job as a UNIX administrator to check for weak or empty passwords, and protect your Linux machines. The ‘John the Ripper’ utility can check if a password is easy to guess by trying to crack it using the brute-force method.

Summary

All the tools mentioned are very handy for system or network administration, and I think that you should add them to your arsenal of tools. When checking the security of a machine or a network, I suggest that you start with Nmap—and never forget that those tools are also available to attackers. Web links/bibliography • WireShark: www.wireshark.org/ • TCPDump and libpcap site: www.tcpdump.org/ • Internetworking with TCP/IP, Volume I, Douglas E. Comer, Prentice Hall • John the Ripper password cracker: www.openwall.com/john/ • Nessus: www.nessus.org • Apache log files: httpd.apache.org/docs/2.2/logs.html • SQLMap: sqlmap.org/ • Aircrack-ng: www.aircrack-ng.org/ • TELNET RFC: tools.ietf.org/html/rfc854 • Nmap: nmap.org

By: Mihalis Tsoukalos The author enjoys photography, writing articles, programming iOS devices and administering UNIX machines. You can reach him at tsoukalos@sch.gr and @mactsouk.

Let's Try

Admin

Combat Virtual Threats with IPCop Firewall

This article is an introduction to the special firewall distribution, IPCop.

n today’s world, dependence on the Internet has reached such a level that without it, the day-to-day work of many organisations will come to a standstill. As everybody is aware, when we connect to the Internet, a public IP address is assigned, which is used to access the Internet, and of course, can be used to track the actions from that IP address. The Indian IT Act 2000 and its amendments make the IP address holder responsible for all activities it has been used for. Thus, the management of a company that has subscribed to the Internet connection is responsible for all activities running on its IP address. This applies not only to the management team members, but to all authorised and unauthorised users accessing the Internet using that subscribed IP address. This 24x7 use of the Internet, business’ dependence on it, and emerging cyber laws have escalated the need to control and monitor Internet access like never before. The first step towards establishing this control is, of course,

a network-based firewall. Please refer to Diagram 1 for a typical example of an internal network connected to the Internet using an ADSL router. Good and properly configured anti-virus software, with a personal firewall, will meet the security requirements of most individual users who connect to the Internet. However, for any organisation where multiple users on a network access the Internet, it is absolutely necessary to look beyond these measures and opt for a network-based firewall. Large corporations with IT security budgets rely on commercially available firewalls for secure and controlled Internet access. These security products can be put to use very effectively to restrict Internet access, as per the company policy. However, they require continuous investment—first to purchase and install the product, followed by yearly renewals. For the management of small and medium-sized organisations, this may be a luxury. OPeN SOurCe fOr yOu | february 2013 | 55

Admin

Let's Try User Datagram Protocol (UDP), which does not guarantee delivery of the data, but has a smaller header. Here, higher-level protocols may take care of assured delivery. Both TCP and UDP protocols have 65535 ports each (2 to the power of 16, port 0 unused). Ports up to 1024 are reserved. For example, well known TCP ports are HTTP (80), HTTPS (443), FTP (21), telnet (23), whereas UDP port 53 is reserved for the DNS service.

ADSL MODEM Internet

Public IP

Private IP Internet Network

Diagram 1: Basic network

ADSL modem (shown) 192.168.8.1 red

192.168.8.2

IPCop Firewall/Router orange

192.168.3.1

BLUE

blue

192.168.2.1

green

192.168.1.1

192.168.2.2

switch or hub switch or hub

email server 192.168.3.2

web server 192.168.3.3

ORANGE

192.168.1.10

192.168.1.50 192.168.1.51

Server

Workstations

192.168.1.52 192.168.1.30

Printer

GREEN

Diagram 2: A typical firewall installation

Operation

A typical network firewall is installed between the internal network and the Internet; thus, all traffic between them passes through the firewall. For Internet connections via an ADSL modem, the firewall will be installed between the internal network and the ADSL modem, whereas for an Internet connection with an Ethernet connection, the firewall will replace the modem or router as depicted in Diagram 2. The firewall analyses everything passing through, and based on the configured policy, let’s through only ‘safe’ traffic. Various client computer systems request data from application servers simultaneously. A ‘port’ number is used to differentiate this traffic. A client requesting data from the server uses the destination port number of the corresponding service. For example, a computer system requesting HTTP data will use port 80. The traffic could use one of the following two protocols: Transmission Control Protocol (TCP), which guarantees delivery of the data, is reliable but has larger headers to accommodate the handshake signals and flags required for assured delivery. U

Caution: https://IPCOP:8443/cgi-bin/index.cgi will open URL Filter screen in IPCop 2.0.6. However, please be careful while configuring, some of the settings will not function as expected. Fully functional URL Filter is expected in IPCop 2.1 version. A firewall uses this port number to identify the traffic. In the HTTP example mentioned above, the firewall reads HTTP traffic to port 80, and passes it to the Internet only if it matches the desired policy. Unwanted websites and content as defined in the policy will be dropped. Typical functions of a network firewall can be classified into traffic control and others, as shown below. Traffic control functions are: Access from the Internet to the internal network Website access from the internal network to the Internet Download of various file types such as audio/video Port-wise access from the internal network to the Internet Bandwidth control Since all traffic between the internal network and the Internet passes via the firewall, it is the best point to provide various other functions such as: A VPN gateway between two networks connected via the Internet A VPN server for remote clients connecting to the internal network Authentication of local users for Internet access Generation of traffic graphs Logging Internet access

Why IPCop?

For a long time, the open source community has provided many options for network firewalls by releasing various distributions. They provide security and ease of configuration, and can be installed on practically any minimal-configuration computer system. The most important factor for SMBs is that these distros are free (under a GNU license) and do not require yearly renewals. One of the best of these is the IPCop firewall, which has a long history—it was forked from Smoothwall in 2001. Various releases followed, the most popular being IPCop version 1.4.21 (the last stable version available). The default v 1.4.21 had limited functionality, but was flexible enough to allow installation of various add-

Let's Try ons to enhance it to commercial-grade firewalls. A few of the popular IPCop add-ons, and their functions, are listed in Table 1. Table 1: Add-ons for IPCop v 1.4.21

No Add-on

Function

BlockOutPort-by-port blocking of traffic from Traffic (BOT) the internal network to the Internet

Zerina

Integrate OpenVPN server functionality in IPCop for remote client connection

AdvProxy

To increase functionality of the default proxy available in IPCop

URL Filter

Used to block unwanted domains, URLs and files

Installing IPCop with these add-ons converts the basic distribution to a fully functional firewall, which also includes free (and paid) updates for website blacklists. Installing addons requires additional configuration work. Administrators used to face various problems while installing, configuring and upgrading the add-ons. In particular, taking back-ups of various add-ons' settings was cumbersome, since IPCop's backup was only for the default settings (without add-ons). Also, new computer hardware, especially most of the network cards, SATA hard disks and flash drives were no longer compatible with IPCop 1.4.21.

IPCop Ver 2.0.x

The latest IPCop release, 2.0.x, addresses these difficulties. It incorporates BOT, Zerina and AdvProxy add-ons. URL Filter is also incorporated, but is expected to be fully functional in release 2.1. The latest release, as of January 1, 2013, is 2.0.6, which also includes drivers for the latest computer hardware and supports installation on flash drives as well.

Installation

Please refer to the June 2012 issue for the installation instructions of IPCop 2.0.4. Start by downloading the ISO image of the latest stable release (2.0.3) from http://ipcop.org/download.php. Burn it on a CD. IPCop installation is very simple and straightforward. You require a computer system with a minimum of two Ethernet cards, 512 MB RAM, a hard disk or flash drive, and a CD-ROM drive for installation. Start the installation by booting from the IPCop CD. The first screen greets you with the IPCop mission statement: ‘The bad packets stop here’; press Enter at the boot: prompt. Select the desired language; an information dialogue box tells you that pressing Cancel will reboot the system. Continue by clicking OK. Select the type of keyboard, the time zone, and enter the correct date and time, if required. Select the hard disk on which to install IPCop. Beware that all data on this disk will be erased. Then click OK to continue. Here, a very interesting screen greets you, irrespective of whether the installation is on the hard disk or on flash. Select

Admin

the desired disk type from Flash/Disk. The installer will make the required file systems and swap space, ask whether you have an older backup to be restored, and complete the installation. Reboot the system to continue to configure the box. Enter the host name and domain name, before selecting the Red (Internet) interface type and Ethernet card. Note that here you can configure any Ethernet card to any interface. In the earlier version, the first detected Ethernet was always assigned to Green, and it was tricky to change it later. Also, to identify the card easily, you can set it in ‘LED blinking on’ mode. Assign Green and Red cards, and enter the Green IP address and subnet mask. Also, select the Red type such as Static, PPPoE, etc. You may enable DHCP if desired, and enter root, admin and backup passwords to complete this part of the configuration. Box 1: IPCop interface colours IPCop has given colours to interfaces in an intuitive way. The Green interface represents the trusted internal network, Blue represents wireless or second trusted network, Red represents the Internet which is the most untrusted, and Orange is midway—a DMZ where computer systems that are accessible internally as well as from the Internet are installed.

Configuration

Reboot the system and wait till you see the login: screen (which can be used to log in as the root user). Use a client computer browser to open https://IPCopIP:8443 and authenticate yourself as the admin with the earlier defined password. The first step is to complete the set-up by configuring the Internet. This trial set-up uses PPPoE on the Red interface. Proceed to Network > Dialup, and enter the PPPoE username and password. From the Home screen (System > Home), click the Connect button to connect to the Internet. Configure the IPCop Green IP as the default gateway and DNS in the client TCP/IP settings. That is all... you can now start browsing securely.

Figure 1: System Update page OPeN SOurCe fOr yOu | february 2013 | 57

Admin

Let's Try

Figure 2: All menus

Figure 4: Services > Proxy

Figure 3: Status > Traffic Accounting

The next important step is to upgrade from 2.0.3 to the latest release. Start by checking whether new updates are available—go to the System > Update page. Select Refresh Update List and check for the availability of new updates. Do apply all the available patches. After updates, IPCop will be upgraded to the latest version 2.0.6 (as of January 1, 2013). A very helpful diagnostics screen, especially for flash installations, is the Memory section of the Status > System status page, which tells you whether sufficient memory is available. Flash-based IPCop installations stop functioning if the Ramdisk memory is full. IPCop supports alert emails; configure the required email settings to enable the feature. One of the interesting features built into IPCop 2.0.x is traffic accounting, which monitors traffic volume. This requires no further explanation; just look at Figure 3.

The Services > Proxy menu is one of the most important configuration menus of IPCop. In this menu, configuring an upstream proxy allows IPCop to access the Internet via an external proxy server. This will be required for Internet connections requiring proxy connectivity or in a local environment. If required, the username and password for the proxy server can also be configured here. IPCop can allow clients to access the Internet in the following two ways: • Transparent proxy: This enables all the requests from the Web browser to be forwarded to the Internet, requiring no browser re-configuration. In this mode, URLFilter settings control the HTTP traffic. However, HTTPS traffic goes unfiltered. Also, there is a possibility of users bypassing the URL filter mechanism. • Non-transparent proxy: This requires manual configuration of all browsers to use the Green IP address and proxy port of IPCop. Running in

SYN SYN/ACK ACK

Box 2: Stateful packet inspection IPCop is a stateful packet inspection firewall—this means that all outgoing traffic from the Green network to the Red network is tracked. Only incoming traffic in response to outgoing requests is allowed inside. All other traffic from the Red network to Green (without a corresponding outgoing request) is logged and dropped. U

Transparent Configuration

Client

SYN

SYN/ACK

ACK

Non Transparent Configuration

Diagram 3: Transparent and non-transparent proxies

Server

Let's Try

Admin

Figure 7: Logs – System logs

Figure 5: Firewall > Firewall settings

Figure 6: Logs > Log settings

non-transparent mode, coupled with blocking of direct HTTPS requests, ensures filtering of this and HTTP traffic via URLFilter. A proxy working in non-transparent mode terminates all connections to the Internet. Further, it initiates a separate connection to the Internet. Thus, there is no direct connection from the client system to the Internet, isolating the client system. The default firewall settings (Figure 5) enable all traffic from Green to Red. This menu also embeds a popular addon for the earlier version, Block Outgoing Traffic. The GUI has changed slightly for the embedded BOT. Caution: Be careful while you configure this; you may inadvertently open the firewall completely for Red to Green traffic. IPCop generates and displays various logs, on a last come-first-display basis, by default. Frequently, the most

recent logs are relevant and require to be seen. The Logs > Logs Settings page gives us a selection to reverse the chronological order of the log display. This menu also configures a time-frame to archive logs and summaries. The log information can also be passed on to a syslog server by specifying its IP address and protocol. IPCop enables viewing of various logs, which are also valuable for troubleshooting. Important options include Proxy, OpenVPN, DNS, Red logs, etc. An interesting Red log for the PPPoE connection is ‘Waiting for PADO Packets’ followed by ‘Red can not establish connection’. Most of the time, this spells an ISP-side error; just log a maintenance call. Various other setting options include browsing time restrictions, download throttling to the specified download speed limit, enabling only specified browsers to access the Internet, integration with Windows AD to allow AD authenticated access, and so on. To sum up, IPCop 2.0 provides a robust firewall, which can be configured to browse the Internet securely. Being available under the GNU license, it is free for all, and is in use widely across the world. So, happy browsing!

References • IPCop download: http://www.ipcop.org/download.php • IPCop forum: www.ipcops.com

By: Rajesh Deodhar Rajesh is a BE in Industrial Electronics, CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CCNA (Certified Cisco Certified Network Associate) and DCL (Diploma in Cyber Law). He runs a business in the name of OMEGA Systems and Services Pvt. Ltd. in Pune since 1990 in the area of computer hardware, networking, network security, firewalls and IS auditing. He has been instrumental in deployment of more than 50 IPCop-based firewalls in different verticals and with diverse configurations. Please send your feedback and queries to rajesh@omegasystems.co.in.

OPeN SOurCe fOr yOu | february 2013 | 59

Admin

Let's Try

T AT KA OK OO A A LLO

t p y r c e trtheuopen source security tool

I The last article covered Tripwire, which ensures the integrity of the file system. This article extends the security from the operating system and application files a level further. Disk encryption is predominantly used in critical open source infrastructures, for which TrueCrypt is widely used. 60 | february 2013

n the past, the security of data residing on the disks was seldom a priority. This led to the situation in which data was only securely stored and accessed as long as the disk was in the system. Having physical access to remove the hard disk, however, could let the attacker gain complete access to the data by simply plugging in the drive as a secondary volume in another system. This problem was more serious for desktops, where systems could be easily moved between locations, thus resulting in possible data leakages. This called for a means of encrypting the data in such a way that even if the disks are moved to a different machine, the contents of the volume are protected, and accessible only to authenticated owners. This required a strong encryption system on the disk itself, with the necessary authentication services.

Let's Try

Admin

How TrueCrypt works

TrueCrypt is a great open source tool for this purpose. It supports Windows and Mac platforms, and also supports almost all Linux distros. Typically, on Ubuntu and CentOS systems running in a business-critical data centre, TrueCrypt is widely used to encrypt disk volumes, to keep data safe from physical theft by prying attackers. It works on the principle of ‘on the fly’ encryption, whereby the encryption and decryption operations are performed once the authentication key is provided, and the process takes place transparently to the user. To achieve this, the utility installs kernellevel drivers (Linux) or device drivers (Windows) by hooking up with the disk management modules of the OS, thus acting as an agent between disk read/writes and the application layer. TrueCrypt can also create a single encrypted hidden volume inside an existing file-system volume, for elevated security. Since it can handle an entire mounted volume, it can be easily used to encrypt data on a USB pen drive too. As for the crypto processing, the utility does it so fast and seamlessly, that the user doesn't even know about it. Usually, such on-the-fly utilities demand heavy memory and CPU usage, but that’s not the case with TrueCrypt. It achieves this by making use of all CPUs and cores available on the system. It also uses a technique called pipelining, whereby a portion of the disk is read and decrypted in memory, acting as a buffer, in anticipation that the application would want to fetch that data piece. TrueCrypt requires a user-entered password to encrypt the volume, and also allows the selection of an algorithm for encryption. The following table lists the algorithms supported and the typical usage of each. Encryption Algorithm AES (256bit key) Serpent (256bit key) Twofish (256bit key)

Hashing Algorithm RIPEMD (160bit key) SHA-512 (512bit key) Whirlpool (512bit key)

Besides the keys, on Windows machines TrueCrypt allows the user to generate a random key by moving the mouse randomly. This key is fed to the encryption algorithm to further enhance its strength, thus introducing tighter data encryption security. It is important to note that there is no bypass or backdoor for the utility if the pass-phrase is forgotten. Due to the complex algorithms in use, it can practically take millions of years to crack an encrypted volume in such situations. TrueCrypt can also accept PKCS #11 protocol-based devices such as smart cards or secure-tokens. This makes it a must-have utility for volumes carrying seriously critical corporate data.

Installation

This utility can be downloaded from sourceforge.net/projects/ truecrypt/, or the latest available version from http://www. truecrypt.org. While installing on GUI-based Ubuntu or a similar distro, just unpack and double-click the binary archive to get it installed under Applications > Accessories > TrueCrypt. Figure 1 shows a screen shot of TrueCrypt being installed on an Ubuntu distro. Upon running the utility, it gives you a choice to either create an encrypted container, or a protected volume within a

Figure 1: A screenshot of TrueCrypt being installed on an Ubuntu distro

Figure 2: A sample installation screen on Windows

partition or disk drive mount. The next step is to select encryption and hash algorithms, and the pass-phrases. Figure 2 shows a sample installation screen on Windows. Depending on the system’s hardware configuration, it may take a while for TrueCrypt to process the data. This can be significantly long for a high volume of data. IT administrators are advised to try some hands-on work and gain expertise on the utility in a lab set-up, prior to deploying it on their production infrastructure. This is because there is no mercy or trick to retrieve locked data if the pass-phrase is forgotten. The drive or mounted volume under TrueCrypt will be totally inaccessible under such situations. This also calls for tighter security mechanisms to store the key in a safe location. Since it performs encryptiondecryption on the fly, disk fragmentation occurs quite often; hence, for better system performance, administrators are also advised to defrag the volumes periodically. TrueCrypt is installed on businesscritical production systems including Web servers, file servers, email servers, etc, which makes it a standard utility for IT infrastructures where business data security is paramount. By: Prashant Phatak The author has over 22 years of experience in the field of IT hardware, networking, Web technologies and IT security. Prashant runs his own firm called Valency Networks in India (http://www.valencynetworks.com) providing consultancy in IT security design, Security Penetration Testing, IT Audit, infrastructure technology and business process management. He can be reached at prashant@valencynetworks.com.

OPeN SOurCe fOr yOu | february 2013 | 61

Admin

Insight

Switching to IPv6? Here are Some Must-Try Options! It is practically impossible and not particularly desirable to replace all your existing computing and networking equipment with IPv6 equipment at once. But what is expected from IT managers today is that when they buy new IT equipment during routine technology upgrades or while the business scales up, they can ensure that the equipment is IPv6-ready.

t’s high time for us to make way for IPv6 as the revolution has finally arrived in India. The Indian Registry for Internet Names and Numbers (IRINN) has begun issuing the next version of Internet addresses, 'IPv6', which would allow security agencies to identify each Internet user based on the different IP address given to them. The Internet addresses under the present version IPv4 (Internet Protocol version 4) are limited and service providers often assign a single IP address to many users. "The number of IPv6 addresses available is enormous. ISPs (Internet Service Providers) can allocate an IP address to each of their users. People can be easily identified if they are using IPv6," said Sanjaya, director, Services and Operations, APNIC, which is one of the five bodies authorised to issue Internet addresses, and is recognised by the IRINN for issuing IP addresses in India. So, now is the time for you to get ready for IPv6.

The Internet has become indispensable for business and governance, worldwide. Some reports claim that as many as 2 billion individuals connect to the Net every day. The enormous popularity and increasing adoption of the Internet has led to a shortage of Internet Protocol (IP) addresses needed to uniquely identify each device that accesses the Internet. Running out of Internet addresses would have disastrous worldwide consequences, as the ability to add and connect new devices would come to a halt. A new and much larger type of address known as IPv6 avoids this issue. IPv6 has become a norm across the globe. But the IPv6 address is not compatible with the existing IPv4 structure. Further, it’s not possible or economically desirable to replace all networking equipment and all devices to IPv6 all at once. What’s needed are solutions that allow IPv6 to co-exist with the existing IP address type, IPv4, and

Insight for electronic information using one address type to be delivered to devices using the other. Commenting on the beginning of the IPv6 era, Prem Nithin, business development manager, Borderless Networks, Cisco India, said, “If you look at things on the ground, the era of IPv4 is not yet over for enterprises. Most of the enterprise customers are seriously looking to have IPv6 deployed at their organisation but there is no compelling reason, yet, for them to do so. There is no deadline-linked need to have IPv6 as of today, because these enterprises are still content with IPv4. Having said that, I will not deny that they are looking for testing Ipv6 majorly, creating their applications accordingly and also incorporating it in their parallel set-up. “Verticals like the BFSI and IT/ITes, which are large consumers of IT equipment, are seriously exploring IPv6 as an option. The BFSI sector, in particular, is doing that because of the mandate from the RBI. Till last year, they were only talking about IPv6 but RBI guidelines have now forced them to be IPv6 compliant by the end of March. So this sector is seriously looking at what are the dependencies when it comes to enabling IPv6 on the Internet, and what they will have to do on the application side, the networking side, for firewalls, routers and all the other things involving IPv6. We are aggressively involved with financial institutions in terms of helping them enable IPv6. Now what they do for their internal networks is something that has still not been taken up very seriously by them because their primary focus is to get their Internet apps working on IPv6. Their payment gateways, and Visa and Mastercard gateways have to be IPv6 ready. They will only turn their focus onto the internal aspects of the transition after they get the Internet edge on IPv4. They would then want to come out with a strategy as to what to do on the internal network. They will have two choices: they can either do a dual stack of IPv4 and IPv6 or they can get away with IPv4. These discussions have just started.” IT managers are one of the major target audiences for companies working on offering products that help transition from IPv4 to IPv6. K P Unnikrishnan, APAC marketing director of Brocade Communications, says, “Transition from IPv4 to IPv6 is not something that can happen at one go. It has to be in stages, and IT managers have to be well prepared for it before they venture into it. Before an IT manager plans to take his company onto IPv6, he has to understand the technical aspects involved in this transition. IT managers are well aware of the fact that they have to be educated on both levels—at the technical level as well as the business level.” He adds, “As end users, IT managers will come across several product and service providers offering IPv6 solutions. So you need to be well informed technically, academically and on the business front—enough to select

Admin

a solution. The deployment has to be done phase-wise. So, one cannot really make a judgement on the investment required for this job. Nobody does a 100 per cent shift, endto-end. With an investment of US$ 50,000 to 100,000 you can start implementing IPv6 deployment in a phased manner in your company.”

Things you must consider when migrating to IPv6

It is practically not possible, or desirable, to replace all your existing computing and networking equipment with IPv6 equipment at once. But what is expected from IT managers is that when they buy new IT equipment during regular technology upgrades or while the company is scaling up, they can ensure that the new equipment is IPv6-ready. Migrating to IPv6 is as much of a business decision as a technical one. So when you decide on when to and how to migrate to IPv6, you should conduct both a business analysis and a technical analysis. While you are doing the technical evaluation, it is important to understand the options being offered and also evaluate which ones suit your business better. We have listed some of these technical options below.

ISP-provided IPv6 network address translation services

If you do not want to convert any of your existing Ipv4 routers to IPv6-compliant ones right away, you can still communicate with your customers and suppliers. Unnikrishnan emphasises, “Firms can rely on ISPs that offer network address translation (NAT) services to keep them connected to IPv6 devices outside their own network. NAT can be thought of as a special forwarding service that can read one type of IP address and figure out what the corresponding address is for the other type. Since the applications that many companies rely on to run their businesses are using IPv4 in the data centre and campus (LAN), there is no pressing need to migrate, as long as they can continue to connect to their customers and suppliers over the Internet via an ISP-supplied NAT service.”

Dual-stack routers

Dual-stack routers come to the rescue of all IT managers looking to get IPv6-ready without a major investment. All they need to ensure is that the new network routers they purchase are capable of operating with both IPv4 and IPv6 address types. This is called ‘dual stack’. Unnikrishnan says, “In this case, networking protocols are layered in a stack like a cake. At the routing layer, the equipment can handle IPv4 or IPv6 address types and traffic; hence, they are dual-stack routers. This does

Continued on page no 66... OPeN SOurCe fOr yOu | february 2013 | 63

For U & Me

Overview

Android Malware: The Troublesome Ten This article covers the 10 most deadly malware that hit the Android world.

ou’ve received your latest cell phone bill, and it claims that the amount due from you is Rs 5,546—but you have only made a few local calls, sent a few texts off and on, and subscribed to an economically feasible data plan. Even if you give that New Year’s Eve party the benefit of doubt, this bill makes no sense, does it? What if I tell you this amount isn’t a result of any billing error, and represents your actual usage? How, you might wonder? A valid doubt, but to answer it, let’s try a brief flashback. At the dawn of Christmas day, you rushed to the tree, and were excited to discover that Santa left a present for you. Hurriedly you opened it -- only to find the latest Android phone that you had wished for. In no time, you loaded it with all kinds of apps that you had heard about from your friends, the Internet, and other such sources. All was going well until the day you received that bill. If only you had taken a moment to consider the age-old advice, “Always know what you’re getting into,” from Kappler Inc, before loading your new phone with all those ‘wonderful’ apps. One of the apps you loaded was infected 64 | February 2013 | OPeN SOurCe FOr yOu

with the malware called Android.trojan.SMSsend, which sent premium-rate SMSs to preconfigured numbers, while you were enjoying the benefits of that app.

And the deadliest 10 Android malware are….

So now that I have drawn your attention to this aspect of your Android device, I’d like to provide some insight into what other havoc these malware can create. Here are the top 10 malware that raised hell in the otherwise peaceful life of Android users: 1. Android.Trojan.SMSSend: This malware can sneak into your device via advertisements in free apps, fake apps (apps that are rogue, and usually require the user to send a SMS to a premium-rate number for activation, or other similar activity), etc. Once inside your Android device, it sits silently and starts sending SMSs to premium-rate numbers. These premium-rate numbers are either preconfigured in the malware, or are picked up from the command and control centre. It has the capability to launch itself on reboot. It can also access the contacts stored in your device, and send each one

Overview

of them an SMS with the download link to some fake app infected with this same malware. Android.Trojan.GingerMaster: GingerMaster is one of the first malware to use the root exploit (a vulnerability by which an app can gain admin access without having to install the rooted ROM). As the name suggests, it affects devices running the Gingerbread (2.3.3) version of Android. This enters a device when the user installs an app that’s infected by this malware. Once it’s in, it gains the root (administrator) privileges on the device, and publishes the device information (IMEI, IMSI, etc) to the command and control server. The attacker can also gain remote control of the device via this malware. It can also download and install apps without the users’ intervention or awareness. Android.Trojan.FakeInst: This is a nasty piece of malware that’s hard to catch, and steals money. Like the fox in Little Red Riding Hood, it disguises itself as a genuine app. It can morph itself into a browser, an IM app, or even an antivirus, deceiving users into believing that they are installing genuine apps. Once installed, it sends SMSs to premium-rate numbers with or without user intervention. To avoid detection, it can change its icon and its file size (by inserting images). Android.Trojan.FakeDoc: Let’s admit it; when it comes to smartphones, we’re all looking for ways to optimise its battery performance. This malware takes advantage of the universal desire to get our smartphones to last another day without a recharge. This comes free with the app Android Battery Doctor, and has the capability to upload your Personally Identifiable Information (PII) to the control server. This information may include your device IMEI, device location, OS version, Google account information, etc. The link: http://goo.gl/Vmflm explains in detail how this malware works. A must read! Android.FakeApp: This malware explores the concept of the evil twin. The attacker creates an evil twin of a legitimate app, and publishes it on the Google Play Store using a different publisher ID. Though these fake apps have a short lifespan, as they are easily identified as rogue apps, they can still create havoc. When a fake app is installed, it bombards the user with advertisements, collects personal information, notifies the user of other apps by the same publisher, and it can also push the app on social media platforms like Facebook and Twitter. Android IRCBot: Discovered in May 2012, this malware comes in with the game Madden NFL 12, and has three components, apart from the main dropper component (used to deploy other components): Linux/Exploit-Lotoor.a (malware that

For U & Me

discovers root exploits available on an Android device), Android/IRCBot.a (IRCBot malware) and Android/SMS.gen (SMS-sending malware that works similar to Android.Trojan.SMSSend). Since it is a 3-in-1 malware, it is also thrice as devastating. It can steal your money, grant remote access to your device and publish all PII stored on the device on IRC. A detailed analysis of this malware is given at http:// goo.gl/7lbT0. 7. Android/MarketPay.A: Another money-stealing malware, it sits in the background and has the capability to purchase apps on its own, without your knowledge. It works in a very neat manner—initiates a purchase request, and as a result of this request, a confirmation code is sent by the app store. This code is intercepted by the malware, and it authorises the purchase. Upon successful purchase, it deletes all the remaining evidence (like billing messages, purchase confirmation message, etc) from the device. 8. Android/Funsbot.A: This one is a critical threat, as it can turn your device into a zombie machine (aka a botnet client). Like any botnet client, it talks to the command and control server to take instructions, through which files can be downloaded or uploaded to and from the device. It also gives an attacker the power to explore the directories of an infected device. Coupled with any of the above malware, it can be used to launch an Advanced Persistent Threat (APT). This kind of malware can also be used to conduct corporate espionage (gathering information about competitors, using illegal means), cyber warfare and other purposes. 9. Android/Backscript.A: Here’s an advanced Android malware that can update itself even when it’s in the wild. Being a botnet client, it talks to the command and control server to get updated commands and functionality. At the core of it is JavaScript to provide the self-updating facility. 10. Android/Plankton.A: This malware was discovered in June 2011. Upon its discovery, it was found that ten apps, available on Google’s Play Store (then Market Place), were infected by this malware. When inside the device, it is launched as a service. It collects information about applications installed in the device, its security settings, etc, and sends this to a server over HTTP. This server returns the URL of a JAR file, which is downloaded and executed. Using this technique, it can bypass all the application checks enforced by app stores. A detailed analysis of this malware is given at http://goo.gl/mABfR.

Bonus read: PlaceRaider—visual malware

Though this article was about the 10 deadliest Android malware, this one’s worth a mention. A team of curious OPeN SOurCe FOr yOu | February 2013 | 65

For U & Me

Overview

Georges at Indiana University and the US Navy came up with this amazing malware. It uses a smartphone’s camera, gyroscope and accelerometer to create a 3D model of the target’s premises. This model can then be used to extract financial and personal information. Interested readers can visit http://goo.gl/hdGpD to download the research paper published on this project.

“So how can I protect my device?”

A new malware is unleashed on Android users every minute. It’s like that famous dialogue from the movie Spiderman (with slight modifications), ‘With great popularity come great threats’. It was true for Microsoft Windows, and it’s now true for Android. So what can you do to protect your device from all these lurking dangers? A few precautionary measures are listed below: Always use the Google Play Store to download apps (chances of catching an infection are less here). Even if you’re downloading from unofficial stores, verify the authenticity of the publisher and the app by Googling about them. (At least you’ll make an informed decision.) Install a mobile anti-virus. All the good options are available in Google Play Store -- Norton, Kaspersky, McAfee, BitDefender, etc. If you come across a rogue app, or your device gets

infected by a malware, make sure you report it (it won’t help your case, but might save many others). I’d advise against rooting your device, but even if you are doing it, verify the credibility of the ROM developer. Turn off your device’s Wi-Fi, Bluetooth, GPS, NFC, etc, when not required (it will save your phone from being hijacked). Going by the current reports and predictions of all leading security researchers, the year 2013 isn’t going to be an easy one for Android users. eSecurity Planet predicts that Android malware infection will rise to 18 million by the end of this year. BitDefender has dubbed 2013 as ‘the year of mobile malware’ for Android. Given the popularity of the Android platform, these predictions might actually come true. If for any reason you’re having second thoughts about Android after reading this article, please note that it was written to increase awareness about these malware, since ‘knowing what you’re getting into’ helps. By: Uday Mittal The author is an open source enthusiast and likes to experiment with new technologies. He provides personalised solutions to SMEs and can be reached at mittal.ud@gmail.com.

Continued from page no 63 not mean that the routers translate IPv4 addresses into IPv6 or vice versa. It only means that the equipment can connect to independent IPv4 and IPv6 networks simultaneously. An important consideration is that the amount of work done by dual-stack routers increases substantially. Therefore, higher performance equipment should be specified to ensure it can keep up with the combined workload of IPv4 and IPv6 traffic.”

Tunnelling

This is yet another process that enables companies to become IPv6 ready without much effort. According to a white paper from Brocade Communications, “Tunnelling allows an ‘envelope’ using one address type to be put inside another that uses a different address type. For example, an envelope using IPv6 addresses can be put inside an envelope that uses IPv4. This envelope can then be routed over an existing IPv4 network. At the destination router, the outside IPv4 envelope is discarded, and the IPv6 envelope is used to forward the electronic information to an IPv6 device. This can also work the other way, by putting IPv4 envelopes inside IPv6 envelopes. Although tunnelling can be used to move incompatible envelopes across dissimilar networks, this approach complicates network design and management, 66 | February 2013 | OPeN SOurCe FOr yOu

and can create unexpected security holes, so it has to be carefully designed.”

Network Address Translation (NAT)

This method involves address translation between the IPv4 and IPv6 address types. This is a method worth trying because not many Web applications and IP telephone signalling protocols support IPv6 addresses, as of now. Unnikrishnan says, “Companies that leverage the Internet heavily, or have a large investment in IP telephone systems, will need to maintain the IPv4 information used by these applications and devices to ensure that existing monitoring and management tools do not break. Investing in NAT at the application layer, instead of just a dual-stack router, preserves the substantial investment in monitoring, business intelligence and management tools that many applications use, and which companies depend on for their competitive advantage. With NAT, they can communicate with customers and suppliers, regardless of which IP protocol is used, and can better manage the cost and risk of rebuilding a large part of their business applications and existing IPv4 networks.” By: Diksha P Gupta The author is assistant editor at EFY.

Overview

For U & Me

Ten Popular Open Source

Media Players

Even though music is extremely popular, music players are often not researched deeply, no matter what the OS may be.Yet, a music player is usually one of the most-used applications in a mobile device. This article offers a list of ‘Top ten’ open source music players. february 2013 | 67

For U & Me

Overview

Listen Music Player

Well, if nothing else, the name is straightforward! You do listen to music, don’t you? Coded in Python, Listen is a full-fledged music player and manager tool for GNOME. If you haven’t used Listen before, you will find it to be a cross between Rhythmbox and Banshee. The interface is divided into three panes: the extreme left pane is the playlist, the middle pane is the navigation console while the one on the extreme right is the track information section. All in all, Listen is a wonderful music player. It lets you manage your podcasts as well as browse Last.fm and Shoutcast directories. Link: http://www.listen-project.org/

Banshee

Banshee is not a new app but has been around since 2005. It can sync devices as well as scan your hard drive for music files. Just plug in your Android phone or iPad, and Banshee will take care of the rest (yes, I have actually seen it detect an iPad, out of the box). Beyond that, Banshee can also help you manage playlists and organise your collection. Plus, it supports video formats as well – though it is best known for its audio playing capabilities. Link: http://banshee.fm/

Miro

Consider Miro to be the ultimate video player that you will ever need! It can play videos, support multiple file formats, as well as connect to the Internet to help you grab the video of your choice! Miro comes with its own ‘Channel Guide’ to help you access online video sources, such as Hulu.com.

RIDING THE POPULARITY WAVE: VLC media player

without bugging you for codecs, and also comes with streaming capabilities. On the downside, VLC Media Player severely lacks media managing and organising capabilities, which are easily found in the likes of Banshee or even Miro. Link: http://www.videolan.org/vlc/index.html

Rhythmbox

Rhythmbox is a music management application for GNOME users. It draws inspiration from Apple iTunes, and also has the ever-powerful GStreamer media framework behind it. It comes with support for channels or junctions such as Last.fm, Magnatune and Jamendo, and since it is based on GStreamer, getting it to play multiple file formats is an easy task. Furthermore, Rhythmbox, just like Banshee, helps you organise your music collection well, and also has the ability to detect devices such as iPods and Android phones. Link: http://projects.gnome.org/rhythmbox/

Amarok

Amarok is to KDE what Rhythmbox is to GNOME. A powerful music player, it also has its own share of UNIX and Windows variants. It is based on QT4 and comes with integration for Last.fm as well as its own Lyrics Tracker, and lets you build your own database on the basis of your music collection. And just in case it matters, Amarok has a gorgeous icon. Link: http://amarok.kde.org/ A look at Miro

You can also buy music from online stores directly within Miro, connect and sync to your Android phone or Kindle Fire, as well as download stuff using torrents. If you love watching videos and movies on your computer, Miro is must-have software. Link: http://www.getmiro.com/

VLC Media Player

VLC Media Player has become a household name, when it comes to music players. It is an open source and cross-platform multimedia software that lets you listen to your music collection, watch videos from DVDs as well as your hard drive, and so on. It plays most file formats 68 | february 2013 | OPeN SOurCe fOr yOu

Totem

Totem is a video player for GNOME environments. Just like Rhythmbox, it also has the GStreamer framework to watch its back. Once you launch Totem, you will probably find it unimpressive and bland—yes, the interface looks right out of the 1990s. However, it is one piece of truly sophisticated software: it comes with its own plug-in for Mozilla Firefox to help you play videos right inside the browser, as well as a video properties’ helper for the command line. While Totem can play audio files too, it is best suited for videos. Link: http://projects.gnome.org/totem/index.html

Continued on Page 75

Cloud Corner

For U & Me

Ten Open Source Cloud Computing Resources You Should Know About Cloud computing is the preferred choice for most organisations today, and a number of open source products are available in this domain.We take a look at some of the best.

Hadoop

CloudStack

Zenoss

Cassandra

Libcloud

Eucalyptus OpenStack

OpenNebula Deltacloud

loud server management, cloud management and cloud monitoring products are the basic ingredients for the perfect cloud recipe. Open source initiatives for IaaS, cloud monitoring and cloud management have gained popularity not only in private cloud implementations, but their use is now being pioneered in hybrid cloud implementations too. Cloud management and monitoring services are ideal for checking on the performance of resources, compliance auditing and security. The elastic and flexible nature of the cloud has been extensively used by the open source software framework that supports data-intensive distributed applications. Let’s look at some of the popular open source cloud computing resources.

1.OpenStack

OpenStack offers open source software to build public and private clouds. It was started by Rackspace (the Cloud Files platform) and NASA (Nebula) in 2010. Currently, Intel, Cisco, Dell, HP, AMD, Canonical, SUSE Linux, Red Hat and IBM have joined the OpenStack project. It is released under the Apache

JCLOUDS

licence. There are three main service families under OpenStack: 1) The Presentation Layer interacts with users to accept and present information; 2) the Logic Layer handles intelligence and control functionalities for the cloud; and 3) the Resources Layer contains compute, storage and network resources for the cloud. OpenStack has a modular architecture, which includes components such as compute, object storage, image service, identity, dashboard, networking, and block-storage. OpenStack has Amazon EC2 and Amazon S3-compatible APIs. The use cases are: Service providers offering an IaaS compute platform. IT departments provisioning compute resources to teams and projects. Big Data processing with Hadoop. Scaling up and scaling down resources to meet demand for Web resources and applications.

2.CloudStack

CloudStack is an open source cloud computing software for creating, managing, and deploying Infrastructure as a Service OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 69

For U & Me

Cloud Corner

(IaaS) clouds in service-provider environments (the public cloud) or enterprise environments (the private cloud). It supports hypervisors such as VMware vSphere, Oracle, KVM and XenServer for virtualisation. CloudStack implements the Amazon EC2 APIs, Amazon S3 APIs and vCloud API in addition to its own API. CloudStack was originally developed by Cloud.com, which released most of CloudStack under the GNU General Public License, version 3 (GPLv3). Citrix released the remaining code under GPLv3. CloudStack 3.0.2 is the latest stable version, which was released on May 17, 2012. Citrix donated CloudStack to the Apache Software Foundation, and it was accepted as Apache Incubator. Citrix changed the licence to the Apache License version 2.

Cloud Controller

Cluster Controller

Cluster Controller Node Controller

Node Controller

Figure 1: Eucalyptus components

OpenStack

Eucalyptus

CloudStack

Open Source

Yes

Components

Nova (compute) Swift (object storage) Glance (image service) Keystone (identity management) Horizon (GUI interface)

Cloud Controller (CLC): Manages the virtualisation resources and APIs. Provides Web interface. Walrus (S3 storage) Cluster Controller (CC): Controls execution of VMs and their networking. Storage Controller (SC): Provides block-level storage to VMs (EBS). Node Controller (NC): Controls VMs via hypervisors

Management Server. Hypervisor Nodes. Storage Nodes. Layers: Zone, Pod, Cluster, Host, Primary Storage, Secondary Storage

Code-base

Python

Java, C

Java

Hypervisors

Xen, KVM, UML, LXC, VMware

Xen, KVM, VMware

Xen, KVM, VMware, Citrix XenServer

Strengths

Growing community. Corporate support. Single code-base.

Good commercial support. Fault-tolerance. Offers a hybridcloud solution with AWS.

Well-rounded GUI Stack is fairly simple. Customisation of the storage back-end.

RightScale Support

Yes

API

Yes

AWS API Compatibility

Yes

Live Migration

Yes

VMware Hypervisor Support (ESX, ESXi, vSphere)

Yes

Yes (Available with subscription to Support)

ESXi

Snapshots

Yes

Self-service User Portal

Yes

Yes (Available with subscription to Support)

Yes

Cloud Corner It supports the end-to-end functionality required for infrastructure as a service, which includes compute, storage, network and user management; the RESTful API, the user interface and command-line tools. CloudStack installation is done in two parts: 1) The management server; and 2) the cloud infrastructure. The latter is managed by a management server. CloudStack supports two types of networking —AWS-style networking and advanced networking for more sophisticated networks.

3.Eucalyptus

Eucalyptus is an open source + commercial private IaaS service provider. Eucalyptus is the short form for ‘Elastic Computing Architecture for Linking Your Programs to Useful Systems’. Main Features of Eucalyptus: Compatibility with Amazon Web Services API. Installation and deployment from source or DEB and RPM packages. Secure communication between internal processes via SOAP and WS-Security. Support for Linux and Windows virtual machines (VMs). Support for multiple clusters as a single cloud. Elastic IPs and security groups. Users and groups management. Accounting reports. Configurable scheduling policies and SLAs. Each Eucalyptus cloud will have one or many Node Controllers per Cluster Controller. This controls VM activities—launching instances, inspection, termination of instances, and the clean-up. The Cluster Controller manages a collection of Node Controllers, manages access to public and private networks, controls execution of VMs, and manages virtual networking. Each Eucalyptus cloud will have multiple Cluster Controllers. A Cloud Controller manages virtualised resources; each Eucalyptus cloud will have a single CLC.

4.OpenNebula OpenNebula manages virtual infrastructure to build private, public and hybrid infrastructure as Service Clouds. It orchestrates storage, network, virtualisation, monitoring and security. This open source project lets you build and manage virtualised enterprise data centres and IaaS clouds with core values such as openness, excellence, cooperation and innovation. OpenNebula was initiated as a research project in 2005 by Ignacio M Llorente and Ruben S Montero, and was released under the Apache licence. OpenNebula provides AWS EC2 and EBS APIs, and the selfservice portal for cloud consumers. It provides a powerful CLI that resembles typical UNIX commands. A catalogue of ready-to-run virtual appliances is available in the Appliance Marketplace. It provides support for hybrid cloud computing, with connectors for AWS. Security is available via user, group and role management,

For U & Me

as well as access control lists, auditing, and isolation at different levels. OpenNebula adheres to a modular and extensible architecture; thus, it is very easy to implement third-party tool integration. Customers get the best community support and SLAbased commercial support directly from the developers.

Distributed computing 5.Hadoop

Social networking (Twitter, Facebook, LinkedIn, etc), Web search engines (Google, Bing), and mobiles are some sources of big data. Scientists, analysts and architects deal with big data on a routine basis. The major part of this data has comprehensive and undiscovered relationships, which do not fit into traditional relational models. Apache Hadoop is a software framework inspired by Google's MapReduce and Google File System (GFS) papers. Hadoop MapReduce is a programming model to write applications that rapidly process huge amounts of data in parallel, on large clusters of compute instances. Hadoop can be used to analyse and process a variety of data to extract significant business operations intelligence, which remained hidden earlier. In normal scenarios, data moves to the computation node and then it is processed; but in Hadoop, data is processed where the data resides. The types of questions Hadoop helps answer are event analytics, large-scale Web click-stream analytics, revenue assurance and price optimisations, financial risk management and affinity engine, etc. Amazon Elastic MapReduce is a Web service in the category of a public cloud. It enables researchers, analysts, developers and organisations to process vast amounts of data easily and cost-effectively. It utilises a hosted Hadoop framework running on the elastic infrastructure of Amazon Elastic Compute Cloud (Amazon EC2) and Amazon S3, and pre-configured EC2 instances (slave nodes) to distribute the MapReduce process.

6.Cassandra

Apache Cassandra is an open source distributed DBMS, which is a top-level project of the Apache Software Foundation. It is designed to handle very large amounts of data spread across many commodity servers. It provides a highly available service, which has architecture to prevent single point of failure. Apache Cassandra was developed at Facebook. In July 2008, it was distributed as an open source project on Google Code, while in March 2009, it was an Apache Incubator project and then released as a top-level project. Cassandra provides a structured key-value store, where each node in the cluster has the same role. Data is distributed across the cluster, and each node can serve any request. It supports multi-data-centre replication for redundancy and disaster recovery. Data is automatically replicated to multiple nodes for fault-tolerance. It can be easily integrated with Hadoop with MapReduce support. Apache Pig and Apache Hive integration is also supported. There is also an SQL-like alternative called OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 71

For U & Me

Cloud Corner

Cassandra Query Language (CQL). For Java (JDBC) and Python (DBAPI2), language drivers are available. Cassandra is a hybrid between a key-value and a tabular database. Each key in Cassandra is mapped to a value, which is an object; values as columns, and columns are grouped into sets, which are known as column families. Column families have rows and columns, where each row has a row key and multiple columns. Column families can be grouped in super column families. Cassandra supports client libraries for Python, Java, .NET, Ruby, PHP, Perl and C++. It is integrated with Ganglia and has a plug-in for Nagios as well, for monitoring purpose.

Discovery and configuration Business Services Application

Reporting

Virtual Servers Physical Servers

Performance and availability

Network Power / Environment

Alerting and remediation

Management

Fault and event management

7.Deltacloud

Deltacloud is an API written in Ruby whose stable version is 1.0.3, developed by Red Hat and the Apache Software Foundation, which abstracts differences between various cloud offerings. It was first announced on September 3, 2009. Each IaaS provider such as AWS, Rackspace, Eucalyptus, VMware, OpenStack, CloudStack etc, provides its own cloud API. Different APIs are difficult to deal with to manage diverse cloud offerings, and thus Deltacloud provides relief with a unified REST-based API, which can be used to manage services on any cloud. It provides an API server and the drivers necessary to connect to cloud service providers. Amazon EC2, IBM SmartCloud, GoGrid, OpenNebula, Rackspace, Eucalyptus, VMware, OpenStack and others are supported providers.

8.JCLOUDS

JCLOUDS is a cloud interface, an open source library, which can be used by experts with Java and Clojure development skills. It offers BlobStore and ComputeService API abstractions as Java libraries. It uses concepts such as maps to have a familiar programming model. It provides locationaware abstractions considering ISO-3166 codes to identify which country a cloud runs in. It provides asynchronous commands and encryption modules to customise configuration to match performance and security needs. JCLOUDS enjoys the support of more than 25 cloud providers. AWS-Cloudwatch, AWS-EC2, Cloudstack, Deltacloud, Eucalyptus (generic), GoGrid, OpenStackNova, OpenStack-Nova-EC2, and VCloud (generic) are the providers supported by the API.

9.Libcloud

Libcloud is a Python library for multi-cloud management, which abstracts away differences among multiple cloud provider APIs. It was initiated by CloudKick, and now is a part of Apache Incubator. Libcloud is composed of multiple self-sustainable components, such as Compute-Cloud Servers, services such as Rackspace and AWS, storage services such as Rackspace Cloud Files and AWS S3, Load Balancers as a Service, and DNS as a Service. Each component provides a ou

Figure 2: Zenoss

simple and easy-to-use API, which works well with supported cloud providers. AWS, OpenStack, OpenNebula, GoGrid, IBM, VMware, etc, are some of the supported providers. Libcloud supports Python 2.5, Python 2.6, Python 2.7, PyPy, and Python 3 (since 0.7.1).

Monitoring 10. Zenoss

Zenoss is an open source application, server, and network management platform released under the GNU General Public License (GPL) version 2, based on the Zope application server. Zenoss Core consists of open source technologies such as the object-oriented Web server, Zope Application server; an extensible programming language (Python); the monitoring protocol Net-SNMP that collects system status details; graph and log time-series data by RRDtool; open source database, MySQL; and the event-driven networking engine, Twisted. It provides an easy-to-use Web interface to monitor performance, events, configuration and inventory. There are a number of products and tools in the market, which provide monitoring of on-premise/cloud environments. Zenoss is one of the best for unified monitoring, since it is cloud agnostic. Zenoss monitors networks, servers, HVAC and power, and applications using agent-less technology. Zenoss involves configuration, performance, availability, fault and event management, alerts and remediation, as well as reporting. It supports integration using Web Service APIs (XML-RPC and REST), XML import/export and a Python Scripting Shell.

By: Mitesh Soni The author is a technical lead at iGATE. He is in the Cloud Services (Research & Innovation) Group and loves to write about new technologies. Blog: http://clean-clouds.com

Overview

For U & Me

Explore the Power of the Bench Calculator This second article on the mathematical journey through open source takes you through the basics of the bench calculator.

aced with the limitations of the shell command expr and other shell constructs, let’s set out to explore the powerful command bc, which stands for bench calculator. This is not just a command or tool, but a complete language in itself. And its power lies in its arbitrary preciseness with not only integers, but with real numbers. If you’re wondering what that means, its computation is usually not limited by the size of the integer or real number types, unlike in most programming languages. Thus, this is closer to our day-to-day use of mathematics, abstracting away the internal details of the computer's precision. So, let's get started with the first bits of math, and then move on to more involved aspects like variables, conditionals, and still later on, functions and recursion.

Basic operations

For integer-only math, you can invoke the bench calculator as ‘bc’. For full-fledged real number math, invoke it as ‘bc –l’. Once invoked, it will print a welcome message and then wait for you to type your math statements, before pressing ‘Enter’ to get your answer. To quit bc, enter Ctrl-D on an empty line. All the basic arithmetic operations: addition (+), subtraction (-), multiplication (*), quotient (/), remainder (%), power (^), and brackets (()) are just there—with C-language-like precedence and associativity rules. An example with all of them in use is shown below: $ bc bc 1.06.95

OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 73

For U & Me

Overview

Copyright 1991-1994, 1997, 1998, 2000, 2004, 2006 Free Software Foundation, Inc. This is free software with ABSOLUTELY NO WARRANTY. For details type `warranty'. 2 + 2 * 3 - 5 + 21 / 4 * 6 # A basic maths statement 33 (2 ^ 2) ^ 3 # Another one, with power & brackets 64 ^D

Yes, you guessed right. # starts a comment, as it does for the shell, or like // in C++. For a multi-line comment, you may use /* */ as in C/C++. You may want that, just in case you are writing a complete program in bc. To do that, put your math statements (each one on a line by itself) in a file, say in prog.bc, as follows:

numbers or small letters of the alphabets. Yes, you read it right, only small letters (a,b,c,...,z). This is because capital letters (A,B,C,...) are used to represent numbers in other bases greater than 10. bc supports various bases from 2 to 16, and two variables associated with them: 1) ibase: defines the base for input; and 2) obase: defines the base for output. By default, both are set to 10, as in our day-to-day math, but can be modified, for fancier base conversions. Here's a snippet: $ bc -ql ibase # Show the current input base 10 obase # Show the current output base 10 obase=16 # Set the output base to 16 108 # Input in base 10; Output should be in base 16

2 + 2 * 3 - 5 + 21 / 4 * 6 # A basic maths statement

(2 ^ 2) ^ 3 # Another one with power & bracket

obase=10 # Set the output base back to 10

quit # This will complete the program and not wait for more input

ibase=16 # Set the input base to 16 11 # Input now in base 16; Output should be in base 10

And then execute (yes, I do mean ‘execute’; you do not need to compile it) as follows:

17 ibase=10 # Set the input base to 16. 10 is 16 in input base 16. ibase=A # Set the input base to 10.

$ bc prog.bc

obase=2 # Set the output base to 2, i.e. binary

bc 1.06.95

x = 2 * 5 - 1 # Set the variable x to 9 (input base 10)

x # Display the value of x (in output base 2)

Foundation, Inc.

1001

This is free software with ABSOLUTELY NO WARRANTY.

x * 2 # This should display 18 in base 2, but x is still 9

For details type `warranty'.

10010

obase=10

x++ # Post incr: Display the current value of x and then incr it 9

Ah! You have got the welcome message from bc, and then your results. To avoid the welcome message, add the -q option to the command-line, as shown below:

x # Display the incremented value 10 --x # Pre decrement: Decrement x and then display its value 9

$ bc -q prog.bc

33 64

You may also try out the difference in the output of the same program with a -l option, i.e., with real numbers. Then, / would be treated as a complete division, not just a quotient provider. Here's what you would get: $ bc -ql prog.bc 34.50000000000000000000 64

Programming with bc

As soon as programming is mentioned, the first thing people think of is variables. Yes, so they are there. Variable names must start with a small letter and may contain ou

From the demo shown above, you might have already observed that there is nothing like declaring the variable type; just assign them using = and then use them. Moreover, bc also has basic conditional and loop constructs: if, for, while, break, and continue. And along with those are the usual C-like relational (<, <=, >, >=, ==, !=), logical (!, ||, &&), and operation-assignment (-=, +=, *=, /=, %=, ^=) operators. A note of caution: their precedence and associativity rules may not be as in C. If you do not understand that, forget about it—just make sure to use brackets for whatever operations you want to occur first. Here goes two simple programs to demonstrate this point: 1) Computing the sum of the first n numbers (sum. bc); 2) Computing the product of the first n numbers, i.e. factorial of n (factorial.bc):

Overview

For U & Me

#sum.bc

}

print "Enter a positive number: "

print "Product of first ", num, " numbers is: ", product, "\n"

num = read()

quit

sum = 0 current_num = 1 while (current_num <= num) { sum += current_num current_num += 1 } print "Sum of first ", num, " numbers is: ", sum, "\n" quit

Code snippet for factorial.bc: #factorial.bc print "Enter a positive number: " num = read() product = 1 for (current_num = 1; current_num <= num; current_num += 1) {

The above programs can be tried out by issuing shell commands ‘bc -ql sum.bc’ and ‘bc -ql factorial.bc’, respectively. But, what are those two words, print & read, doing in the code? They are built-in functions, displaying a message to the user, and taking a number from the user, respectively. Functions? Yes, bc can do functions as well, but that will get covered in the next article. For now, just go ahead and try the above programs.

By: Anil Kumar Pugalia The author is a hobbyist in open source software and hardware with a passion for mathematics. A gold medallist from the Indian Institute of Science, mathematics and knowledge sharing are two of his many passions. Apart from that, he experiments with Linux and embedded systems to share his learning through his weekend workshops. Learn more about him and his experiments at http://sysplay.in. He can be reached at email@ sarika-pugs.com.

product *= current_num

Continued from page 68.... Xine

Xine is a multimedia player that, quite frankly, looks extraordinarily outdated. However, it supports a huge list of file formats, and can be used as a stand-alone multimedia engine for various media players. Didn’t get me? Well, KDE’s Kaffeine is built on it. Thus, Xine can double as a back-end multimedia engine as well as a fully functional front-end media player. Link: http://www.xine-project.org/home

MPlayer

Is your OS or computer having problems with almost all major media players? Don’t panic, and do not get angry. Just grab MPlayer. It is, unarguably, one of the most flexible media players for Linux, because it supports various system configurations, both new and old. Even though the player itself is simple, it can play through hardware MPEG decoders (in simple words: full-screen videos look extra awesome). Also, MPlayer supports a huge list of file formats. If you don’t believe me, just check them out here: http://www. mplayerhq.hu/design7/info.html Link: http://www.mplayerhq.hu/design7/news.html

Clementine Music Player

Amarok underwent significant changes in its interface when version 2 was released. As with any software

overhaul, some people loved the changes and others hated them. The latter half decided to channel their ‘hate’ in a constructive manner and built Clementine, based on Amarok’s source code. Technically, Clementine is what you get when you port Amarok 1.4 to work with modern KDE devices. Once again, it is based on QT4 and is fast, nimble, swift and super efficient! When it comes to features, Clementine supports various Internet radio stations such as Spotify and Last. fm, and also allows you to play media files that you have uploaded to Google Drive. Clementine supports devices such as the iPod and smartphones, and apart from Linux, it also works on Windows and Mac OS. Link: http://www.clementine-player.org/ With that, we come to the end of this article about media players for Linux. I hope you enjoy the list, and if you have a music player that you think deserves to be mentioned in this list, feel free to let me know at sufyan[at] bravenewworld.in. By: Sufyan bin Uzayr The author is a freelance writer and artist based in India. He is associated with multiple magazines and websites, and takes a keen interest in open source software, Web CMS, digital art and mobile development. Sufyan has authored a book named “Sufism: A Brief History”, and is currently serving as the founding editor of an e-journal called Brave New World (www.bravenewworld.in). You can visit his website, www.sufyanism.com or catch him on Facebook at www.facebook.com/sufyanism.

OPEN SOURCE FOR YOU | FEbRUaRY 2013 | 75

For U & Me

Interview

We are growing beyond Linux Gone are the days when Red Hat used to be synonymous with Linux. The company is strategically going beyond that conventional image and wants increased visibility in the enterprise space. The new leader of Red Hat India, Arun Kumar, has different plans for the firm. While he wants to build on the legacy he has inherited, he does not mind venturing into newer spaces. Diksha P Gupta from Open Source For You spoke to Arun Kumar, general manager, Red Hat India, about his new job profile and the days ahead. Read on...

78 | february 2013

Interview

You have just taken over from Anuj Kumar. Can you share a bit about your background?

What is your strategy for the Indian market and what changes do you aim to bring about?

I have been in the industry for about 20 years. I started off at Wipro in the early 1990s. I joined Red Hat through an acquisition in 2001. I joined as general manager, Red Hat India, in September 2012.

I am returning to India after five years, since my previous assignment was at Singapore. Red Hat India is an important constituency for us. Regarding where Red Hat is heading, I think we have a global strategy with a local execution and flavour. Our local strategy is very simple. We believe that the move to the open hybrid cloud is not a question of ‘if’ but a question of ‘when’. A number of different forces come into play if we look at things from that perspective. I think it is important to understand that the cloud starts with commodity architecture. I think most of the enterprises in India are still not there but are stuck on proprietary and legacy UNIX infrastructure. So, for these organisations to move to the cloud, I think they have to make that initial step. It has already happened in most of the countries. India is lagging behind in this space, which is an opportunity for us. It has been the bread and butter for Red Hat’s business, globally. I think from a strategy perspective, we will follow our global strategy. We want to help our customers in their journey to the open hybrid cloud and actually deliver that for them. I see similarities in the cloud space and what we have done in the past ten years. If you go back to the roots of what the cloud promises, it’s essentially four basic blocks, which are: 1. Everything on the cloud is built on commodity architecture, which gives customers choice and value as against a proprietary cloud. 2. Everything in the cloud has to be interoperable. 3: It’s about value-based equations as nobody is buying licences any more on the cloud. The consumption is more demand-based, which requires, at the minimum, a subscription model, where the subscription period could be as low as a minute and as high as a year, and so on. 4: The last part is the scale. To do things that you want to do on the cloud, your technologies have to be extremely scalable and have to innovate at a faster rate. So if you consider these fours essentials of the cloud, we have been offering them from Day 1. Ninety per cent of our business runs on commodity architecture. By the sheer definition of open source, it’s all about open standards and interoperability. We have had a subscription model from Day 1. Because of the way the community does development, the architecture is highly modular and has built-in scale. So nothing lends itself better to the cloud than what we have been doing for so long. So, in that sense, it is just the execution of our strategy. We have built a solutions

For U & Me

"I think from a strategy perspective, we will follow our global strategy. We want to help our customers in their journey to the open hybrid cloud and actually deliver that for them. I see similarities in the cloud space and what we have done in the past ten years." portfolio that goes beyond limits. In the late 90s, people used to associate networking with Cisco and Linux with Red Hat. We are growing beyond that with initiatives in the middleware market. We have acquired a lot of credibility on the virtualisation and cloud fronts. From that perspective, we are growing beyond Linux and offering end-to-end solutions to our customers.

Anuj Kumar was executing a similar kind of strategy. How do you plan to do it differently?

I think for us to succeed in India, we we need a triangulation of parties, including the customers and our partners, SIs and ISVs, who are engaged in opportunities with Red Hat. I have been working very closely with Anuj for the last 24 months because I was managing the alliances portfolio for APJ. We actually set that strategy ball rolling. So, in a lot of ways, there is no major change in the strategy; it is just executing the strategy we have had in place for 24 months, jointly. At the end of the day, what we will try to ensure is that the messaging is consistent on all fronts—whether we deliver it, or it goes across from our partners who help us execute the strategy. The government and the BFSI will remain our major focus segments. I think my job here is to ensure that our customers and partners understand our strategies and the value that we bring to the market place. My job is to articulate the strategy and to reach out to them in multiple ways. And thus, we can reach a much wider audience than just customers and partners.

Initially, Red Hat was synonymous with Linux and now the company is gradually being known as an ‘open source’ brand. What kind of branding and positioning are you looking for Red Hat in your tenure? I think it’s an evolving phenomenon. We want to be a catalyst for communities of developers, customers and partners worldwide to help build software that is fundamentally being developed and conceived very differently from what you have seen before. So, in that sense, we play a very interesting role now. Think about the open virtualisation alliance. This alliance was created fundamentally to make sure innovation in technology around KVM and virtualisation was backed and driven by the industry heavy-weights. If you look at our role in

OPeN SOurCe fOr yOu | february 2013 | 79

For U & Me

Interview

the entire scheme of things, we play an important part. If you look at the companies who have tried to open source products but did not succeed in their attempts -- we had a different strategy as compared to them. It’s not just about taking some software, publishing the source code and putting a licence on top of it. We have mastered the act over 15-20 years. We felt that it was important for us to get the community together and access the larger developer base, which would fuel the innovation further. I think we have understood our role in the community well, over a period of time. I think customers recognise us as a reliable brand when it comes to the delivery of open source solutions and technologies. They equate us with value. So, if you look at the CIO surveys that happen every year, in the last five years, we have consistently been ranked amongst the top two players. The brand association has gone beyond Linux to a much wider horizon of open source as a technology, not restricted any more to a development model. At the end of the day, it is what is now seen as a means to an end and that end is customer choice and value. So the brand obviously has expanded. The recognition has now moved towards the brand’s value and I think this is manifesting itself every year in such independent surveys.

Yes, but you have increasing competition coming in. Microsoft has also entered the world of open source technology and, quite clearly, this is a challenge for vendors in this space. And then there is the Attachmate group emerging as a strong body with its recent acquisitions of Novell and SUSE. How does this impact your business? I have said this before on various platforms and I would like to reiterate the same thing here. When you think about value, cost is only a part of the value equation. So, when customers choose to do business with a vendor, they choose to do business based on a whole range of priorities. I think what is very interesting in the CIO survey that I just mentioned, is that the CIOs were asked ‘Who are the vendors that you are most likely to go and do business with?’ and we have consistently been ranked one of the top two positions in this aspect as well, for over five years. So, in an era of cut-throat competition, the fact that we have been consistently rated highly by the customers, speaks volumes about our hold and proves that customers value relationships built on value.

What are the most differentiating factors in the way you do business with customers as compared to any other company? I don’t know the differentiating factors that were tracked in that survey, but I can tell you the things that we do. By being the catalyst in the open source community, I think customers who have engaged with us over a longer

"We want to be a catalyst for communities of developers, customers and partners worldwide to help build software that is fundamentally being developed and conceived very differently from what you have seen before. So, in that sense, we play a very interesting role now." period of time have understood the value that we bring to the table -- from bringing the whole development process into the enterprise world and the way we translate their requirements back and forth between the community model and the enterprise development model. So finally, they consume technology at a value and cost that they are comfortable paying. Yet another factor is our subscription model. After Microsoft, we deliver the widest range of hardware and software application certifications. Therefore, customers (who deploy a certain application on a combination of certain hardware, networks or storage devices) know that if something is certified for Red Hat, there is a good chance that things work completely out of the box. We have been working towards this over the years and I know for a fact how much goes into making sure that every server is certified. The pervasiveness of technology gives customers the confidence that they can rely on us. The third part is the customer experience. We have got a number of awards for good customer support. We deliver 24x7 technical support to our customers and we provide consulting services as well.

Expansion plans...

Red Hat recently expanded in India with its Bengaluru and Pune facilities, and now the company has said that it wants to spread its wings in China. After North America, India was the second largest expansion for Red Hat. How do you view the Chinese market and what prospects do you see there? I think different markets around the world have different dynamics. Let me give you some statistics. The number of servers shipped in India was about 150,000 in 2012. The number of servers expected to ship in China is 1.3 million. And if you look at the Gartner and IDC predictions in terms of the server market share, the Windows’ server share will range between 60-75 per cent while Linux would be 35-40 per cent. So we want a share in the Chinese market as well, because it is a major market. We have been investing outside North America significantly from the past 10 years and this expansion is a part of the same drive.

Interview

You have focused a lot on the cloud, whereas if you look at Red Hat’s market in India, a major share of your revenue comes from the certifications... First, we do not have a breakdown of any revenue figures in India. So I cannot give you any details on India-specific numbers. Let’s look at it on a worldwide scale. Globally, we get 87 per cent of our revenue from subscriptions, while 13 per cent is from the services. Training and certifications fall in the 13 per cent share, which is a very small part of our business globally. While the cloud, at the end of the day, is the ultimate destination. Realistically, the number of customers deploying a hybrid cloud today can be counted on my fingers. Like HTTP and the Web revolution that came to stay, the cloud will also evolve as a phenomenon. It will take some time to evolve completely but we have to have a vision on how to take customers to a point where they can leverage it. I spoke to a CIO recently, and he said he wants to be completely suspicious about the cloud and then come out of it, rather than being completely bullish and then getting disappointed. I am talking of one of the top 10 CIOs of the country. So it’s not that they are sceptical about the

For U & Me

cloud as a phenomenon, but they want to watch out for what path to take. We want to help our customers in that. India, China and ASEAN markets are unique because a lot of infrastructure is greenfield. There is no legacy and it is a great opportunity. It means starting from scratch. In that sense, we will have to look at this market differently. The ‘one size fits all’ strategy will not work here. So we will have to cater to the different requirements of different parts of the market with a different game plan.

Are you planning to involve SMBs as well in your endeavours?

You talked about certifications and I think that is an interesting reflection of how we are doing with respect to SMBs. India is one of the biggest training industries. A lot of people achieve certifications and enter different segments of the business in the SMB space. The fact that we deliver the highest number certifications globally speaks for the requirements of Linux skills in that space. But because of our business model, where we work through channels, it is really difficult for us to say who is buying Linux and who is consuming it, unless they call us for support.

OPeN SOurCe fOr yOu | february 2013 | 81

For U & Me

Overview

The Status of Research in Localisation In this 10th and concluding article in the series on localisation, the author take a closer look at the challenges for Indian language localisation and the current status of research in the field.

en years back, there were very few people who knew how to use Indian languages on the desktop. Now, we not only have millions of people who read content on the Internet in their native languages on desktops and smartphones, but also thousands of people who edit and contribute content. This has been possible due to the availability of computing devices with Indian language support, their falling prices, as well as the ability to access the Internet through various communication mediums. We have seen a few early signs of the outcome of the research of the last decade, in the form of machine translation support for the Web. While five Indian languages are supported by Google's machine translation tools, the quality is still not up to the mark due to the complex nature of languages. Speech and touch interfaces have made their appearance, particularly on smartphones. The speech interface is now supported in limited domains, such as searching through the contacts list, or searching the Internet. However, Indian-accented English support needs to be improved. As per the framework of the Centre for Next Generation Localisation, a specialised centre of excellence in Ireland, the challenges for localisation are volume, access (interaction mode) and personalisation. These three dimensions represent three axes, with most of the localisation work focused on highvolume content in corporate environments, with support for U

the traditional keyboard-and-screen mode of access, and limited support for personalisation in terms of language variations. The research challenge is to leverage various core technologies and frameworks to be able to instantly translate content and localise applications, duly considering the profile of the user. The next few paragraphs explore the status of localisation and the challenges faced in dealing with Indian languages. a) Volume: The quantity of information on the Web is exploding due to its popularity as a medium of communication and interaction, and also the popularity of Web 2.0 platforms such as Twitter, Facebook, Google+, etc. The industry has tried to address this by defining and improving the process for localisation in corporate environments, as well as leveraging the crowd sourcing opportunity in social media environments. The core component of localisation is the translation technology. For a long time, the route explored was rulebased translation research consisting of parsing of the source text, and using dictionaries and grammar rules to produce the translation. Subsequently, Statistical Machine Translation(SMT), based on training of the algorithms, with paired human-translated texts of source language text and destination language texts has become popular. Websites, translated at the click of a button for the dominant languages, have become feasible—though the quality of the translation could be inadequate for professional requirements.

Overview Localisers can use the automated translation suggestions from SMT, when there is no proper match in translation memory to improve the translation. The resulting improved translation can be used to train the statistical machine translation system. b) Access (interaction mode): The traditional access (interaction mode) method while working with computers is through a screen and a physical keyboard. We have seen the emergence of the touchscreen, which allows for virtual keyboards and alternate methods of input like writing on the screen or composing the input by rapid selection of letters from the virtual keyboard by tracing a finger from letter to letter. In addition, with the popularity of smartphones, voice input and output is becoming another key interaction mode. Due to the small screen size of phones, there is potential for errors in inputting text. Dictionary-based approaches that prompt the user to pick a word from a limited choice have been helpful. Other technologies that have reached a level of maturity in English, but need further development for Indian languages, are spell-checkers and grammar checkers. Speech technologies for text-to-speech and speech-to-text are critical for the voice mode of interaction. This works fine in a limited context like search or interactive customer support in English. The support for Indian languages is limited in text-to-speech, and barely exists for speech-to-text. And speaker independence and operating in noisy environments are global challenges. Character recognition technology, which was developed to rapidly process huge volumes of data from physical books, supported by image processing and pattern recognition techniques, has matured for English, whereas current offerings for Indian languages are not adequate. Handwriting recognition is another area of active research, as it allows for more natural user interfaces. Here again, the complex nature of most Indian scripts makes this a challenging research area. c) Personalisation: Traditionally, localisation is coarsegrained in the sense of its focus on language and not much on its variation across countries and regions within a country. Personalisation refers to making information available as per the personal and information requirements of the user in a given context. This makes such information more valuable. If the user interface and other content can be made specific to a language as spoken in a particular region, the quality of localisation will become much better. This requires several resources, such as dictionaries at the dialect level and also a way to transform sentences from a standard language into its dialect forms.

Localisation tools

We have looked at the advances in tools from the basic text-editor kind of models to Web-based platforms in the previous articles. The tools have live interfaces to Translation Memory repositories, and support various project management tasks such as planning, tracking and work flow, as well as reporting mechanisms. Support for XML interoperability standards like XLIFF, TMX and TBX is also available. Several commercial business models based on the purchase and exchange of language resources have become

For U & Me

common. Tools that allow Web localisation to be done directly on the displayed web page have appeared (e.g., Mozilla Pontoon). Further improvements to tools to manage the complexities of localisation as per user constraints, while leveraging Web services and crowd sourcing efficiently, is an active research area.

Future of Indian Language Technology Research

The Indian government's Department of Electronics and Information Technology (DeiTY) has an initiative called 'Technology Development in Indian languages' (TDIL). The objective is to popularise the support for Indian languages on computing platforms. It has been promoting work on machine translation systems—from English to Indian languages and from one Indian language to another, cross-lingual information access, and Optical Character Recognition and handwriting —through a consortium of academic institutions and research organisations for than a decade. Demo versions of products, along with relevant fonts and software for each language, have been developed and were made available through free physical CDs seven years back. The same are now available for download from its data centre website. However, all the offerings are only meant for non-commercial use. Redhat, Google, Microsoft and various small and medium enterprises have been pioneering their own initiatives to popularise Indic computing. Free and Open source groups have also worked tirelessly to improve support for Indian languages. The involvement of all language computing stakeholders on a common platform in defining the strategic goals and assessing the outcomes, as well as releasing the results of basic research, tools and language related databases under unrestricted licenses will be a great step for rapid progress.

End note

It has been a great opportunity for me to introduce localisation and explore its various aspects, over the past year, through this magazine. I express my thanks to the OSFY editors and management for their support. I acknowledge and thank all the people and organisations who persevere passionately to make Indian languages on par with English in computing arena. References [1] Next Generation Localisation, Josef van Genabith, Localisation Focus, Vol. 8, Issue 1, http://www.localisation.ie/ resources/locfocus/vol8issue1.htm [2] Pontoon Introduction-Zbigniew Braniecki http://diary.braniecki.net/2010/04/19/pontoon-introduction/ [3] TDIL website http://tdil.mit.gov.in/

By: Arjuna Rao Chavala The author is chief consultant of Arc Alternatives, which works to catalyse transformation of IT/engineering enterprises with a focus in the areas of IT, program/engineering management and open source. He co-founded Wikimedia India and served as its first president. He also serves as the WG Chair for the IEEE-SA project P1908.1–-‘Virtual keyboard standard for Indic languages’. He can be reached through his website http:// arcalter.com or by email to arjunaraoc@arcalter.com.

OPeN SOurCe fOr yOu | february 2013 | 83

For U & Me

Overview

The Best Smartphones and Tablets A Buyers’ Guide

Ultra-portable devices have taken the market by storm, eating into the legacy PC market.With the increasing popularity of Android as a platform, vendors are churning out a plethora of devices to choose from. This article aims to guide you on the best available.

ndroid has taken everyone by storm—I still remember trying out the first beta release on a virtual machine. No one believed it to be strong, but perhaps the backing of an Internet giant has its own benefits. Being open source (kind of), the Android project gained traction and within years became a real competitor to the then very strong iOS. In this article, In this article we will be looking at devices that feature some flavour (version) of Android. But before we get to the devices, let's take a quick look at the innards. Android is an ARM-centric OS. Even though it has now added support for MIPS and x86 instruction sets, its ‘first love’ is still very much the ARM instruction set and all Android releases (AOSP builds) are geared towards ARM processors.

The ARM processors jargon buster

ARM (Advance RISC Machines) is a UK company that built RISC processors, which it sells under its name. Almost all smartphones and low-power computing devices use ARM or some sort of RISC processor (e.g., MIPS) inside. ARM doesn't 84 | february 2013 | OPeN SOurCe fOr yOu

actually sell microprocessors—it licenses its technology to other companies as a result companies can either drop the vanilla (non-modified) ARM Core in their SoC or create their own processors using ARM designs as the blueprint. Of course, all companies have to pay royalty to ARM. SoC: The System on a Chip is a package that has the processing core (CPU), graphics core (GPU), memory controller, baseband and host of other controllers that are needed to process data, fabricated onto a single piece of silicon. SoCs are efficient and reduce memory overhead. All mobile devices come with an SoC from one manufacturer or the other, which may have either an ARM/MIPS or x86 core. Companies like Qualcomm, Texas Instruments, ST-Ericsson, Apple and nVidia built their SoCs using ARM processor designs. The ARM nomenclature can confuse you easily. Unlike the x86 core/instructions, which are easy to understand and differentiate, ARM makes the job a bit tougher. To make things easier, I'll segregate the ARM core into three segments, as shown below.

Overview Instruction set: These are special functions that a processor can perform such as arithmetic instruction, floating point, bit manipulation, etc. ARM supports a variety of instructions from measly mathematical to the complex vector/ SIMD instructions. Until recently, ARM was very much into low-power and miniature cores limited to 32-bit addressing modes. However, the firm recently introduced a new family that supports 64-bit which addresses high-performance computing, but we aren't covering that. The ARM architecture and family: The ARM architecture is the base for all ARM cores available today. Usually, a company creating custom cores licenses the architecture for fine-tuning/tweaking before it builds its own core. Some of these manufacturers are Apple (A series processors) or Qualcomm (Snapdragon Krait), as mentioned earlier. Using the architecture and fine-tuning it for special work such as Real Time Processing or general-purpose, ARM creates a family of processors that goes under the names Cortex-A, Cortex-R, etc. The ARM core: By varying the core clock speed, instruction sets and processing elements, ARM produces many cores for the SoC builders. One of the most common that you may have heard of is from the Cortex-A family—the Cortex A9 cores are used in almost all smartphones. It's totally up to manufacturers to opt for the cores they feel are suitable for their SoC needs. Since we’re now done with the processor jargon, let me lay out a selection criteria covering both hardware and software, which I used to pick the best VFM hardware on the market. Also, keep these points in mind when you shop for a tablet or a smartphone. Screen size: This is the first thing that comes to mind. Screen size selection is subjective and should be based on your taste. Still, for a smartphone, it's better to opt for a screen that’s bigger than 10.16 cm (4”). As for tablets, we will be covering both industry standard 17.78 cm (7”) and 25.4 cm (10”) devices. Resolution: Ultra-portables bestowed us with resolutions that were higher than earlier laptop models or even higher than the 56 cm (22”) monitor. The best part is that these devices offer the ability to pinch to zoom or tap to zoom, which aids in reading even with a lower-size display. Look for the best screen in terms of PPI (the higher the better); do note that some mobile phones boast of higher screen sizes, but the resolution is not on par, which results in a lacklustre viewing experience. Usually, a PPI of above 200 is considered very good. Hardware: The biggest issue with Android is fragmentation. Thus, to get good performance, you need more than a single horse to drive the system. iOS can run very well with half the processing power and works even smoother—however, in Android, you can have better hardware at a lower price point. The general consensus is to avoid devices with single-core processors. You'll feel lag and jitters during Web browsing, which isn't a good experience.

For U & Me

• So how many cores? “The more cores, the better,” is generally a myth. Architecture and process nodes boost performance more than stuffing in more cores without enhancements. Phones with quad-core SoCs can drain your battery and heat up your phone more often. Phones with Tegra3 can reach a temperature as high as 65*C under usage which makes them practically very hot to handle. Tablets have more breathing room, so even with a power-hogger temperatures stay low. For example, the performance of the Nvidia Tegra 3, a quad-core, is significantly lower than the Qualcomm dual-core Krait SOC (28 nm counterpart). • GPU: There aren't many options in this segment: ARM (Mali), Qualcomm (Adreno), MediaTek (PowerVR) and Nvidia (GeForce) are the only choices one has. Of these, ARM and Mediatek license their GPUs to vendors, so you'll see those in many phones. If you go for an Adreno or Mali GPU-based system, make sure your device has over 1 GB of RAM, since these co-processors tend to share a large chunk of memory, leaving less for your apps. Updates and custom ROMs: This is an area that is badly plagued and monopolised by vendors. Even though Android is an open source solution, neither you nor Google can control the updates for the devices. Vendors have complete control over it and that's why Android has stagnated with fragmentation over versions. Most devices below Rs 10,000 hardly receive any updates while devices under Rs 20,000 are put on the hold list and may or may not receive version updates from vendors. If you want a future-proof phone that will receive an update for the next version of Android, look no further than Nexus devices from Google. From what I have seen, Samsung is the top vendor when it comes to providing relentless updates and upgrades for their devices, followed by HTC. The worst are Sony and Motorola, which dropped umpteen devices from their update list for absurd reasons. If you are curious and know how to work around this problem with updates, you can always install third-party ROMs available at XDA-forums. These are highly untested and community built, so be aware that you can ruin your device. Some well-known ROM developer groups are Cyanogen, MIUI, AOKP, etc. Here again, the unfortunate approach of most developers is to target high-end devices for their ROM; so if yours is a low-cost device, it may be left with few or no updates. Still, I can't blame these freelance developers, as they work for nothing yet provide you with compelling solutions (if your device is listed) at no cost. So, before buying a device, do drop by XDA to check how well your device is supported there. I won't be covering 4G or LTE baseband details, since their penetration in India is currently limited and won't make an impact in the next two years at least. OPeN SOurCe fOr yOu | february 2013 | 85

For U & Me

Overview

The top-of-the-line smartphones

Here’s a list of some of the best available in every price bracket.

Rs 30,000 and above

Often advertised with PC-like characteristics, huge screens and other premium features, such phones find many takers in the market. Our pick - Samsung Galaxy S3: This comes with the home-brewed Exynos Quad-Core processors based on Cortex A9 cores and is one of the most featurerich and powerful phones to own. To top it all, there're a plethora Samsung Galaxy S3 of accessories that you can get from the market. The alternative - LG Nexus 4: Although yet to hit the Indian market, it's one of the best-looking devices on paper. It sports the most powerful mobile SoC (Qualcomm Quad-Core Krait). Hopping on the Nexus bandwagon, LG has pulled a bunny out of the hat with its state-of-theart design and commitment to bleeding-edge updates directly from Google. The only downside is the glass back cover, which is at risk if Nexus 4 you drop the phone, though for safety you can attach a back guard to protect it. A worthy recommendation - Samsung Galaxy Note 2: Not actually a tablet, this 12.7 cm (5”) monster packs a lot of punch. With a gorgeous display and a pumped-up processor (a higher-clocked variant of SGS3), the Note 2 brings you the best of two worlds, allowing you to use the Spen for drawing and doing precise work with ease. With its split screen and host of other features, the Note 2 is a great device if you are fine with carrying around a huge screen. Accessories and performance are also top-notch.

In the Rs 20,000- 30,000 range

Our pick - HTC One X: With recent price cuts, the now more-affordable One X boasts of a power-hungry Tegra3 processor and stupendous styling, with exceptional build quality. With more than enough onboard storage and good performance, this is a great device. Its only downside is that the processor heats up during heavy workloads, such as gaming. An alternative - Samsung Galaxy Nexus: Even though the device is quite old, it still holds its own in almost every aspect. Powered by a dual-core TI

86 | february 2013 | OPeN SOurCe fOr yOu

chip, the Nexus can run the latest games and provide smooth browsing even with image-intensive pages. The generous 11.81 cm display with 720p stands up well to the competition. Its obvious advantage lies in the lease I developer support on custom ROM, and relentless updates from Google for the latest OSs.

In the Rs 10,000 - 20,000 range

Our pick - LG Optimus L9: Stellar build quality and a huge display backed by the same dual-core chip that powers the Galaxy Nexus, the LG L9 is a mainstream phone that offers a huge display at a mainstream price point with respectable pixel density. The 1 GB inbuilt RAM and the ability to expand storage via MicroSD is a bonus. Except for the mediocre camera, everything in the phone is quite ‘happening’. A less skinned UI and developer support makes the phone a perfect fit for its Rs 18,000 price tag. An alternative - Micromax Canvas 2 A110: Micromax has come out of the shadows and is now grabbing market share with both hands. The firm not only shook up the whole market but now has released products that outclass many of its competitors. The Canvas 2 is a gem of a device; in fact, it's on par with the best in the market, yet provides a compelling solution for Rs 10,000. With sound developer Micromax Canvas 2 support, except for the restricted and sketchy update path, Micromax has nothing going against it. Specs-wise, it beats even phones priced above Rs 15,000.

Under Rs 10,000

Micromax Ninja 4 A87: This device has a 1 GHz Scorpion processor, expandable memory (4 GB card bundled) and a 10.16 cm (4”) screen (233 ppi). The only downside is the Android version, stuck at Gingerbread and the Ninja probably won't receive any updates. However, if you don't care much about updates, it's hard to beat the A87. At Rs 6,000, it probably bests every other highprofile manufacturer in terms of specs and offerings. The Ninja 4 is one great value for money phone. An alternative - Sony Xperia Tipo: Loaded with ICS and a respectable 800 MHz processor, the Tipo is aimed at the lower end of the market. There isn't much on offer except for the basics of Android ICS. The only positive is the screen and acceptable performance for day-to-day tasks. Do not expect phones under Rs 10,000 to break world records. With Sony you can at least expect ‘some’ incremental updates for performance and bug fixes.

Overview

Top tablets for the Indian market

Unlike smartphones, tablets tend to have fewer form factors, practically limited to either 25.4 cm (10”) or 17.78 cm (7”). These cater to different audiences and changing work conditions whether you are on the go or relaxing on the couch. Tablets have become more of a style statement and a gateway to efficient Web browsing and ebook reading. Premium - Galaxy Nexus 10: Smashing the retina display by a huge margin (~300 PPI), Google, along with Samsung, has created a hardware marvel. Boasting of a quad-core SoC with the spanking new Cortex A-15 core at its heart, the Galaxy 10 is not only a powerhouse but also efficient. The bundled 2 GB of RAM ensures smoothrunning games and applications. Multi-tasking and heavy process execution is buttery smooth thanks to the beefy hardware. The icing on the cake is the 25.4 cm (10”) screen with a mind-boggling resolution of 2560x1600, resulting in an astounding PPI of 299—a feat that most desktop monitors fail to achieve. For optics, the tablet comes loaded with a full HD (1080p) rear camera and a front (720p) camera for video conferencing using Google+ hangouts. Updates are no issues either, it being a Nexus device. This is a cool device if you plan to spend heavily on a premium tablet. The only downside is local availability; Google hasn't opened its Play Store for hardware purchases in India and is not actively looking to ship this device here. However, it is rumoured to be priced at around Rs 31,000 on debut, for the 16 GB version. An alternative - Samsung Galaxy Note N8000: Even though the dimensions are similar to its higher-end sibling (the Nexus 10), the Galaxy Note falls short on many counts. The quad-core SoC (Cortex A9 cores) though boasting of a higher clock speed and more processing power, is architecturally crippled compared to the Cortex A15 cores in the Nexus 10. Further, the screen has a resolution of only 1280x800, which is nowhere near that of the Nexus 10. The build quality of the Note has been fairly well-received and provides good ergonomics. The tablet sports optics similar to the Nexus 10. Samsung is shipping the device with ICS but off lately has been rolling out Jelly Bean updates for the Note, along with some premium features that are only limited to Samsung tablets. With a price tag of roughly Rs 38,000, the Note is very pricey, but the kind of experience it offers is worth it.

Mid-range 17.78 cm (7”) tablets

The Google Nexus 7: Google has undoubtedly dominated the tablet market, even though it is not manufacturing the device. With Asus, Google debuted the Nexus 7 for an unbelievable price of $199 for the 16 GB version—and ever since, it's received rave reviews. The small screen and 720p resolution were enough for the Tegra3 chip inside it to drive exceptional performance. The tablet has a plastic build with no rear

For U & Me

camera but a 1.2 MP front camera for conferencing. The tablet was later plagued with poor screen quality and ghosting, along with colour production issues, which seem to have been fixed in later revisions. The Nexus 7 is a compelling package that has set a benchmark among lowpriced devices. Competing manufacturers are finding it hard to release a counterpart. Backed by strong community and Google updates, it's hard to ignore a device that costs so little. The downside— the Nexus 7 is sold at a Nexus 7 price tag of Rs 20,000+ in the Indian market, a decision that is controlled by Asus. There's also the storage limitation: the Nexus 7 doesn't offer any option to expand storage—neither via MicroSD nor USB OTG. An alternative - Micromax Funbook: In a remarkable turn of events, Micromax has stunned other manufacturers. This cheap tablet comes with a 1 GHz SoC, along with a 17.78 cm (7”) display. It's not the specs that make it special but the sheer developer support this tablet has gained making it very unique. You can try a plethora of tweaks, mods and custom ROMs for the tablet, and get it working within no time. Though the Funbook may not be groundbreaking on paper, it boasts a unique community-driven ecosystem and a super-affordable price of Rs 6500. Now that we’ve done with the list, I hope you'll be able to make a shrewd choice the next time you're shopping for an ultra-portable device.

Are we in a post-PC era?

The advent of smart and ultra-portable devices is eating away at the legacy PC’s market share and providing a compelling solution to the end user. However, these devices are not meant for power usage, irrespective of the price tag and the number of cores. For light work, these devices fit the bill—but people harping about the ‘post-PC era’ are exaggerating. These devices still require a full-blown PC to work perfectly (syncs, updates, etc) and don't have the amenities to enable high-end work. Thus, as of now, we're still very much in the PC era.

By: Shashwat Pant The author is a FOSS/hardware enthusiast who likes to review software and tweak his hardware for optimum performance. If you are interested in QT programming and are fond of benchmarking the latest FOSS distros and software, you can follow him at @shashpant on Twitter.

OPeN SOurCe fOr yOu | february 2013 | 87

For U & Me

Overview

Top Mind Mapping Tools for Android Mind mapping can be done on a piece of paper or on your smartphone, tablet, laptop and computer. Here’s a look at five open source mind mapping tools used on Android.

t is said that a picture is worth a thousand words. Then, what if that picture depicts the thoughts in your mind? It can be the most powerful diagram you will ever have, and that is exactly what mind mapping does. A mind map is a radial diagram with the key term in the centre and the associated ideas radiating as branches and sub-branches. The term ‘mind map’ was introduced by Tony Buzan, a popular British author and television personality. It is basically about how our brain takes care of thoughts. Our brain always looks for patterns, and a mind map stores information as a pattern. So each piece of information is linked to the next one. Studies have shown that mind maps increase the retention capacity of the brain by 10 per cent over the baseline for a text of 600-words compared to other study methods. This suggests that learning mind mapping might be a good idea. As mentioned earlier, a mind map is nothing but a diagram showing the wild patterns in your mind and the train of your thoughts. In this article, let’s explore some mind mapping tools used in the digital world. Readers unfamiliar with mind mapping could first practice it on paper and later move to the software app. Here are five open source mind mapping tools used on Android.

SimpleMind

SimpleMind is a mind mapping tool available for the Mac OS, the iPhone, Windows and on Android. The free version available for Android on Google Play has the following features: • Easy to use—drag, arrange and edit topics on the Mind Map page. U

• Tap or drag ‘Node Well’ to add new Topics. • Undo/Redo in the ‘Editor’. • Reorganise structures using the drag-and-drop feature, aided by ‘Topic auto-layout’. • Cut, copy or paste to move or duplicate topics between mind maps. • Apply visual styles—change colours, borders and lines for maximum presentation impact. • Large mind map page support—the diagram’s size is limited only by your memory.

iMindmap

iMindmap is the official software from the inventor of mind mapping, Tony Buzan. The features of iMindmap are: • Open .imx email attachments from the iMindmap desktop. • The ability to add Web links and text notes. • Templates to get you started fast. • Brand new ‘Sketch Tool’. • In-built SmartLayout technology to keep your maps tidy. • Tailor your maps with ‘Styles’ and ‘Freehand Branches’. • Undo/redo feature allows you to quickly amend or alter your mind maps. The very first time you use iMindmap, you will have to register, free of cost. Once this is done, you can start making mind maps by creating the central node and then drawing branches by touch.

Overview

Figure 1: A mind map in SimpleMind

Figure 2: A mind map in iMindmap

Figure 3: Mind Map Memo

Figure 4: SchematicMind

You can also download a few good looking templates that might get you started. There are icons that you can add to the mind map to make it more creative and attractive.

MindJet

Mind Map Memo

This is a very simple tool that allows you to create mind maps on your Android device. The user interface is very simple. You start by typing in the name of the mind map and that becomes the central node, from which you can just touch and drag the next node and thus build your branch. The same can be done from any node, thereby creating branches and sub-branches. In Mind Map Memo you can save your mind maps to the SD card or even mail it. There are options to change the colour of the node or to add icons to the node.

SchematicMind

This is another Android app for creating and editing mind maps. This is completely free and does not have any features that are locked. The app is quite simple, straightforward and does the job without any confusion. The main features of SchematicMind are: • Creates an unlimited amount of mind maps. • Easy-to-use touch interface. • Apply styles and icons. • Select from five distinct shapes. • Define topics, borders and background colours. • Supports zooming and scrolling. • Unlimited map size. • Has the export and import functionality.

For U & Me

MindJet is a collaborative work management software company founded by computer programmer Mike Jetter and his wife, Bettina Jetter. The mind mapping tool is called MindJet. This app requires a free registration. Besides the other features that come with the apps we’ve discussed till now, MindJet also supports gesture control. It can also sync your mind maps to a drop-box, so that you can share your mind maps with other devices like your PC or laptop. So select any random crazy topic and start mind mapping. You will be mesmerised by the amount of creativity your mind holds. Only practice can make you an expert in mind mapping and once you master the art, irrespective of whether you are a student, a project manager or even if you are just organising a party, you can see the flow of ideas and then see things automatically falling into place. References [1] http://en.wikipedia.org/wiki/Mind_map [2] http://freemind.sourceforge.net/wiki/index.php/Main_Page [3] http://www.ghacks.net/2010/03/05/map-your-mind-withview-your-mind/ [4] http://www.mindjet.com/

By: Vineeth Kartha The author is an electrical engineer and has a great passion for open source technologies, computer programming and electronics. When not coding, he loves to do glass painting. He can be reached at vineethkartha@ieee.org. Or visit www. vineethkartha.wordpress.com

OPeN SOurCe fOr yOu | february 2013 | 89

For U & Me

Open Strategy

WishTel to Launch Linux-Android Dual Boot Netbooks in India

Milind Shah, chief executive officer, WishTel

First of all, are all your products based on Android or Linux?

Yes. We do not use any platform other than open source technology to create our products. We have six products currently available in the market. Of these, three tablets are non-SIM based devices, while the remaining are SIM-based tablets. We are also set to launch a new range of netbooks, which will run Linux. The netbooks will also be offered in a varied price range. The low-end netbooks will come with the dual-boot option for Android and Linux, while the highend products will come with either Linux or Android.

Was it just the fact that the tablet market is growing in India that drew you to this segment?

Yes, certainly. We identified the growth of the tablet U

WishTel, a consumer electronics manufacturer from India, grabbed global headlines with just one smart move—the strategic launch of a Linux-based tablet PC called PrithV. With the product priced at Rs 3,300, WishTel not only won the hearts of those looking for affordable computing devices, but also made a name for itself in the open source community world wide. The tablet is priced only slightly higher than Aakash, the world's cheapest tablet PC. It sports a 17.7-cm (7-inch) LCD screen and comes with an 800 MHz processor. The tablet PC supports 85 languages in all, of which 23 are Indian. Apart from that, WishTel has a range of Android tablet PCs to offer, also at affordable price points. Wanting to know why the firm was banking so heavily on open source technology, Diksha P Gupta from Open Source For You, spoke with Milind Shah, chief executive officer, WishTel, who reveals all.

segment, particularly for Android tablets, much earlier. We saw that this space had enough potential for us to make an investment in and build a whole ecosystem.

Why did you choose Android and Linux as your preferred platform?

We as a company specialise in the thin-client and ARMbased ecosystem. Both Linux and Android are most suited for these platforms, and the platforms themselves are gaining momentum. The growth of Android as a tablet platform is yet another reason for us to venture into this segment. If you look at the growth graph of Android devices in the past one year, you will know why every OEM today wants to bring a good Android device into its portfolio.

Open Strategy

What opportunities do you see for WishTel's tablet PCs in the Indian market?

There is a huge opportunity in the Indian market and this will continue to grow further with time. The innovations in this segment and the need amongst people to be connected while on the go are the two major factors contributing in this growth. Because Android is common for all, one will see a lot of customisation and localisation that will be rendered to the platform by OEMs like us in terms of local language support, local service support and India-centric apps.

Do you find enough development happening in this domain?

There are a lot of companies working in this direction. A lot of training institutes are popping up to teach development on the Android platform. Moreover, a lot of developers are interested in the platform merely because of its popularity. So there is no dearth of innovation on the Android platform. There are a whole lot of apps being built in the service verticals including Customer Relationship Management Solutions, Human Resource Management, GPS tracking, etc.

Tablets have been around in India for quite a while now and different OEMs position their devices for different segments. What is the target audience for your products? We are looking at the education and enterprise segments, which I believe will grow phenomenally in the coming months. Students and companies will adopt tablet PCs as an additional device or instead of a laptop. So the scenario may become one in which people prefer buying tablets rather than laptops.

You have quite an elaborate range of Android tablet PCs, but you chose Linux when you launched?

There are two clear distinctions between our products for both the platforms. For Android, the user needs are primarily data and information access, and the computing needs are not very high. PrithV will support more complex computing needs. So, users will be able to run different software, do data modelling, etc.

What kind of research did you conduct before bringing out PrithV?

So, how do you plan to promote PrithV?

We have done extensive research in terms of user acceptability. We have spoken to people who have been working in this space. I identified that Linux is not being well promoted in India. That is why it is not a preferred platform, as of now.

We want to promote PrithV amongst students first. We will give demonstrations of the tablet to the decisionmakers as well, so that they think of Linux as an equally strong alternative to proprietary software.

For U & Me

Do you see PrithV being preferred to a general Android tablet?

I can say that both platforms have their merits and both have takers in terms of different user groups. So the need of the users will determine their platform of choice rather than the popularity of the platform.

To keep launching such innovative products, do you get the desired talent in India or is the R&D done at a foreign location? Frankly, regarding the development for this product, it took not only Indian collaborators but also people working internationally. It is totally an Indian development but we took help from people across the globe for their capabilities in different domains. For example, for some of the simulation in Astronomy, we have taken help from experts in the US and Australia. Linux already has a lot of community development happening round the clock. So, that also adds to the value of the product.

"The growth of Android as a tablet platform is yet another reason for us to venture into this segment. If you look at the growth graph of Android devices in the past one year, you will know why every OEM today wants to bring a good Android device into its portfolio"

Do you plan to have a separate app store for PrithV?

Do you also plan to involve the developers' community in India to work on PrithV?

One complaint from WishTel users has been the poor build quality. Do you plan to address this?

On Linux, we call it a repository. So in PrithV, the platform would be coming out with its repository. The apps for this platform are being developed in-house as well as with our collaborative partners like the Homi Bhabha Centre of Education.

Yes, we have these plans in the pipeline. Currently, we are inviting programmers on a small scale but soon, we will invite programmers from across the board to develop applications for PrithV and make valueadditions to the platform. Existing Linux apps can also work on this platform.

Yes, we are learning and improving with our products. So, the range launched recently comes with a metal body rather than the plastic one, which is one major value-add we have done to improve the build quality. OPeN SOurCe fOr yOu | february 2013 | 91

Open Gurus

Overview

Ten Cool Custom Android ROMs In an earlier article (June 2012), I discussed the advantages of rooting your Android phones and flashing with custom ROMs. This article lists what I consider the top 10 custom Android ROMs for the Samsung Galaxy S3 and other devices.

ith the current availability of advanced quadcore devices, and the immense customisation capabilities built in with Android ICS and Jelly Bean, the ROMing scene has shot up in popularity, with almost every enthusiast with just basic technical skills trying ROMs like CyanogenMod. It now seems plausible that in a few years, things might turn out to be like the Linux community, where innumerable distributions are available— the only limiting factor being the fact that ROMs are specific to the smartphone hardware that they are built for. Actually, this is all that prevents someone from building a website like Distrowatch for Android. In order to get an insight into the Android community, we need to narrow down our search for ROMs of a specific device. Since the Samsung Galaxy S3 is one of the best and the most popular devices yet, let’s look at what we can find to customise this smartphone. Many developers support more than one device, and you'll find that this will U

be loosely relevant to your smartphone too. Custom ROMs for the Galaxy S3 are available in many broad categories. The most popular ones are: Samsung-based ROMs: These are the ROMs based on the official Samsung stock ROM. These types usually provide Touchwiz-specific features like the new Multiwindow, Motion, S Voice, etc. Though the major focus is to remove bloat and add tweaks, users have a choice between many different configurations in different ROMs. AOSP ROMs: These are based on the Android Open Source Project, i.e., they depend on the official Android sources and provide tweaks and customisations along with a ‘vanilla Android experience’, which most users crave. MIUI ROMs: These are based on a version of Android developed by the Chinese Xiaomi Corporation and are well known for their heavy UI customisation abilities and beautiful interfaces, along with robust theming support. AOKP ROMs: Technically, AOKP is an AOSP ROM

Overview itself, but it has become so popular lately that it has evolved into a category of its own, where most ROMs are based on the AOKP source code. It does provide a lot of features and customisation on top of the AOSP ROMs. Cyanogen ROMs: Most ROMs these days are built on top of customisation done by CyanogenMod, so it would be safe to categorise them as Cyanogen ROMs. There are literally hundreds of different ROMs available for Android. And this is in no way a listing of the best; rather, just an indication of the more popular ones—and that, too, will change from time to time. Custom ROMs like these usually get very frequent updates and have many active developers working on them daily. So, while one ROM might be more popular for a period of time, modders and hackers tend to jump ship as and when new attractive features are available on competing ROMs.

CyanogenMod

CyanogenMod is usually first on the list for people new to flashing ROMs, mainly because it supports a huge number of old and new devices, and also because it has got wonderful community support in the form of dedicated forums, IRC and a Wiki. Most users flash the latest ‘nightlies’ (available every night), in order to get the absolute latest in Android development. The CyanogenMod 10.1 nightlies, for example, are available for selective devices like the Galaxy S3, and are built off the Android 4.2.1 AOSP code. These are generally considered to be less stable and may or may not work for your daily purposes, as some feature or the other might be broken, depending on which ‘nightly’ you download.

Figure 1: The Paranoid Android ROM settings page

Open Gurus

MIUI

The MIUI ROM, as discussed earlier, is popular primarily with those who like to customise the look of their phones with fancy lock screens and innumerable tweaks to the Android interface—which make you forget you are using Android. Though the ROM itself is not open source, it is popular among users who say it looks a bit like the iOS interface, due to the initial lack of an app drawer. This is also the very reason it is criticised, but it sure does bring some very important innovations, which are soon going to be open source, according to a recent announcement.

FoxHound

FoxHound is a Samsung ROM specific to the Galaxy S3, which is based on the latest stable Jelly Bean sources. It offers you the latest and best, along with proprietary features like pop-up play, smart stay, etc. Also, as opposed to AOSP ROMs —Bluetooth, NFC, TV-Out, Dock, etc, work flawlessly. However, its most important feature is the Aroma installer, which provides installation options like what you see while installing an operating system on your computer, where you can choose each and every component and application that you want to install on your ROM. You have the freedom to choose from different launchers, kernels, mods, keyboards, themes, etc.

ParanoidAndroid

Paranoid Android is another marvel based on CyanogenMod 10, that makes you thank the Android ecosystem for all the customisability it provides in modding your devices. This particular ROM lets you turn your phone into a mini tablet,

Figure 2: The Ultima ROM default theme

Figure 3: Ultima ROM lockscreen OPeN SOurCe fOr yOu | february 2013 | 93

Open Gurus

Overview

ROM name CyanogenMod MIUI

Download link for Galaxy S3 http://get.cm/?device=i9300 http://bit.ly/11llpG1

FoxHound

http://www.gearengine.it/?page_id=2

Paranoid Android Slim Bean

http://bit.ly/Qa8dPx http://d-h.st/ZIx

Support website http://www.cyanogenmod.org/ http://en.miui.com/ http://forum.xda-developers.com/showthread. php?t=1708371 http://www.paranoid-rom.com/ http://www.slimroms.net/

JellyBam

http://get.jellybam.com/?rom=i9300

http://www.igio90.net/

Omega ROM AOKP UltimaROM WanamLite

http://kitchen.indieroms.net/ blog/?page_id=763 http://bit.ly/UPFhPP http://bit.ly/UE0RkV http://wanamlite.com/forums/showthread.php?tid=72342

http://kitchen.indieroms.net/blog/ http://aokp.co/ http://ultimarom.com/home http://wanamlite.com/tag/galaxy-s3/

and allows you to run selective apps as if they are running on a tablet. This, for example, gives you the benefit of the split-column view in the email app. It does this with the help of per-app DPI adjustment, along with a colour scheme adjustment according to the most prominent colour in the app. Apart from this, it provides the usual customisation features that CyanogenMod does. The support seems to be equally good, with a dedicated forum and chat page to communicate with the development team.

needs to try both in order to form an opinion on which suits you better.

Slim Bean

WanamLite is a Samsung ROM based on the JellyBean update, which offers better battery life and removes all the bloat, whilst providing customisations like call recording, 15 toggle buttons on the notification screen, and most importantly, a lower OS footprint, with the ROM taking up much less space in internal memory as well as RAM. In short, if you want better battery life, more free RAM, and an overall snappy experience with a de-bloated Samsung-based ROM, WanamLite is for you. There are many more ROMs that might be equally popular, but since we are doing a ‘Top 10’ here, I'll restrict my choice to these. Usually, if you ask experts on where to start with a good ROM, most reply with a “Depends on your preferences…” kind of answer—and that makes life much more difficult for people who don't know where and what to look for. However, you should note that it is very difficult to point out which ROM is the best for your particular device. What's more, sometimes it even becomes difficult to differentiate between two popular ROMs, because they look very similar on the outside, and the features available are not too different from each other. Even if you don't find a particular feature in your ROM, you'll find that it is very easy to customise and add new functionality on a rooted Android device, if you know how to go about it!

Slim Bean is a ROM compiled and built from scratch, right from the AOSP code. It also incorporates all the important customised features from CyanogenMod, AOKP and CNd. This includes minor features like User Agent Switcher and Quiet Hours to mute notification sounds, profiles, performance tweaks, etc.

JellyBam

JellyBam is one of those ROMs that offers you the best of all features. It mixes everything from AOKP, CyanogenMod and ParanoidAndroid to offer you everything in one single ROM. It also comes with many performance enhancements, along with many mods, and YouTube HD support.

The Omega ROM series

Omega ROM is also one of the popular ROMs developed by Indie, and is based on Samsung firmware. It offers built-in features like BusyBox, init.d support, Aroma installer, and Google Apps from Android 4.2 on ROM Android version 4.1.2. As usual, it also adds a lot of mods and tweaks after removing the bloatware.

AOKP

AOKP, or Android Open Kang Project, is another popular ROM for Android. It offers innumerable tweaks and configurations and has much more mods, tweaks and customisation options than CyanogenMod. The difference also lies in the layout and development philosophy. One U

UltimaROM

UltimaROM offers the standard Aroma Installer with multiple options, and a bloatware remover. It comes with everything themed in blue, even the default Google Apps like Play Store, YouTube and Gmail.

WanamLite

By: Ankit Mathur The author is a geek with a crush on Java, and also loves flirting with almost anything related to databases and Web technologies. Feel free to poke fun at his articles and direct your feedback to ankitreloaded@gmail.com.

Overview

For U & Me

OpenStreetMap: An Open Source Alternate to GoogleMaps This article introduces OpenStreetMap, which is bound to interest students, engineers, trekkers, cartographers, government officials, law enforcement authorities and anyone who makes use of maps.

t doesn’t matter whether you are a trekker, a cyclist, from a government planning agency, a traffic controller, a cop, a geocacher or a survivalist, there will most certainly be an instance where you would need a good map. People used to buy print maps or used the maps that came with travel guides. But those maps became outdated quickly, and it often took years to update changes that happened as a result of development, settlements and construction of infrastructure. After GoogleMaps was launched, the scenario changed. People rely on it extensively today. But there’s a catch -- you’re only allowed to view the maps in the browser or the Google Earth software. You are not allowed to share them in any way, to extrapolate data out of the maps, or even print parts of the map. That’s a problem when you want to use the map to create a paper-based cycling map, or if you want to extract data for research. So, are there any online map providers who have opened up their maps? Enter OpenStreetMap (OSM for short). OSM is a freely (as in freedom) editable world map. All the map (geographical) data contained in it is open-sourced (Open Data) and licensed under the Open Data Commons Open Database License (ODbL). The map cartography and tiles are licensed under a Creative Commons-AttributionSharealike licence. OSM is analogous to Google Maps. The map is rendered using Mapnik, an open source toolkit (LGPL).

Mapnik renders the ‘Slippy Map’ for OSM in the browser. Mapnik can read from several formats like OSM’s native XML, PostGIS, GeoJSON, ESRI Shape files, etc. Mapnik can be used independent of OSM, but how to do that is out of the scope of this article. Let’s focus on OSM for now. There are a number of reasons for using OSM:

1. Everything in OSM is free, as in freedom. 2. OSM is crowd-sourced. 3. It has very detailed map data. 4. Customised tiles are available. 5. It’s very easy to embed and/ or customise according to requirements. 6. You can access and edit OSM via API calls (REST-based, Yay!) 7. See https://help.openstreetmap.org/ OPEN SOURCE FOR YOU | FEBRUARY 2013 | 95

For U & Me

Overview

Using OSM

There are several ways of using OSM to simply view the map or to view the data contained within. You can use OSM irrespective of the device or the operating system that you have. In the browser: Simply visit http:// openstreetmap.org (or osm.org). You can change the base map by clicking on the little drop-down box at the top right-hand side of the map, and choosing a map (from Cycle Map, Transport Map or the Mapquest Open Map). When viewing the map, aerial imagery is not available, due to licence restrictions (or it won’t be free, so get over it). After you zoom into the map to a reasonable level, you can view the map data by clicking on the drop-down arrow adjacent to the Edit link above the map. It is also possible to export the map data as XML, or an image, by clicking on Export. This way, you can download parts of the map to make roughly printed-out paper maps. On your Android device: For Android, there’s an excellent application called OSMAnd. You can download it either from the Play Store or from the F-Droid application for Android.

OSMAnd Startup Screen

Touch and hold screen to bring up basic navigation tools

Contributing to OSM

Remember that using OSM and letting your friends know about it is in itself a ‘contribution’. That said, you might want to enhance the data for your town or area. OSM provides incredibly detailed maps with several features. On a sufficiently populated map, you should be able to find the location of the nearest ATM of a particular bank, an eatery of your preference, or just about anything else you might want—just by looking at the map. But that’s a result of hundreds of contributions by people like you, driven by necessity and interest. I myself started out by mapping my hometown, and I’ve been mapping since then.

Editing the map

There are several things that can be edited. One can either correct something that’s askew, or add something that should be present on 96 | FEBRUARY 2013 | OPEN SOURCE FOR YOU

Basic map view Settings screen

the map, but isn’t. Most entities can be represented using one of the following: • A node/point of interest • A path/way • A shape/area/polygon There are no curves or circles that you can add. You have to add more points to represent a curve. Map editors have tools that you can use to draw details on the map.

The primary tool is a node editor, which can be used to draw nodes. Two or more nodes make a path. If the path loops in on itself, it’s an area or a polygon. A node represents a point of interest (POI) or any entity that can be simply represented using a single node. Examples are post-boxes, public telephone booths, ATM kiosks, etc.

Overview

Downloading map data on OSMAnd

Paths represent ways or roads. For example, a highway, a cycling path or a trekking trail can be represented using paths. Railway lines are paths too. Large enclosed areas are shapes or polygons. Even large buildings, islands, parks, playgrounds, etc, can be represented as polygons. The actual properties of a node, path or a polygon can be given from within the editor itself. Properties for a highway, for instance, are width, number of lanes, surface type, whether or not the road is a one-way, etc. You can do mapping using GPS coordinates, uploading GPS tracks/ traces, or tracing over satellite imagery.

GPS co-ordinates

The GPS or geographical coordinates of a particular entity on the ground that is denoted by a latitude-longitude number (latlong) can be noted down, and then manually added on the map.

GPS traces

Vespucci interface on Android

These are continuous traces of the paths you’ve travelled on with the GPS device on, continuously monitoring your position. This creates trace files that can be uploaded to OSM and integrated into the base map. The GPS coordinates and traces can be obtained by any GPS-enabled phone with the necessary software, or a GPS device that has a USB interface that you can use to transfer trace files to your computer. If you’re planning to buy one, check out the OSM Wiki page for GPS device reviews.

Tracing over aerial imagery

Vespucci map edit tools

This method is for crude mapping in places where accuracy is not an immediate concern. You can simply bring up the aerial map from Bing (yes, Microsoft Bing!) as a background image to trace structures onto the OSM layer. Important: Tracing over aerial imagery is very error-prone. Never attempt to correct existing map data to match with aerial imagery. Satellite images have parallax errors, and are

For U & Me

far from accurate. So unless absolutely necessary (like when trying to map a very remote rural place), do not attempt to trace. GPS-based methods are the most accurate.

Editing OSM using Potlatch

Potlatch is an in-browser Flash-based map editor for OSM. You can use it to add data to the map without the need for any special software. The only requirement is to have the Adobe Flash plug-in for your browser. Note: The Gnash plug-in does not seem to work. If you are particular about not installing Flash/proprietary software, just skip to the JOSM section below. Once you have zoomed in to the location that you want to edit, click the Edit link on the top, and enter your credentials to log in to OSM. (You’ve registered by now, haven’t you?) Once you’re logged in, Bing’s aerial imagery shows up in the background; you can choose from the drop-downs to either sharpen the background, or do away with it. Now, add nodes by double-clicking at a single point. You can add paths by clicking a trace path and double-clicking at the last node. To create a closed polygon, simply click on the first node after you’ve created all the other nodes. After creating a node or a path, you can add properties to it by choosing an appropriate one from the panel on the left-hand side. You can also drag the points into the map to directly place a particular entity on the map. Try clicking the tabs to see the various properties that you can give to the nodes. As mentioned earlier, nodes are often called Points of Interest (POI) in OSM lingo. To undo something, hit Backspace or Delete; Backspace removes nodes one by one, in the reverse order. Or simply click on the final node, path or shape, and hit Delete to remove it. Maps can be dragged using ‘click-drag’ even while editing the map. Once you’re done editing the OPEN SOURCE FOR YOU | FEBRUARY 2013 | 97

For U & Me

Overview

map, click on Save and give an appropriate comment to describe the changes that you made. Subsequent changes in the same session do not require any new comments.

Editing OSM using JOSM

JOSM is a Java application that can be used to edit OSM. It’s the most popular program used to edit OpenStreetMap. It’s very easy to install and use, and it’s really fun too. Download JOSM from http://josm. openstreetmap.de/josm-tested.jar (a Windows installer is at http://josm. openstreetmap.de/download/windows/ josm-setup.exe) to install it via the Ubuntu package manager, and simply apt-get it from the repositories. You may want to upgrade the package later. To update to the latest JOSM version from the package maintainer’s version, download the JAR file from the JOSM site, and copy it to /usr/share/josm with the file name josm.jar.

Potlatch loading on Firefox

Running JOSM

Go to the directory in which the JAR file has been downloaded, then run java -jar josm-tested.jar or on Ubuntu, run / usr/bin/josm.

Using JOSM

Before you do any editing, you could download a base map to start working on. Go to File-> Download From OSM (Ctrl+shift+down arrow key) and select a small area you want to work on. This area could be your town or city. After that, you would be able to see the features of the map that have already been done. You are now ready to start mapping. To pan over the map, right-click and drag. You’d create nodes by double-clicking, and paths by clicking along the path (ending in a doubleclick), and polygons by clicking along the sides of the polygon—ending by clicking again on the start node. You can switch between drawing mode and select mode by pressing ‘a’ for drawing mode and ‘s’ for select mode.

98 | FEBRUARY 2013 | OPEN SOURCE FOR YOU

Potlatch map edit view

In the select mode, you can click on points, delete them, move them around, or rotate them. After drawing the nodes, you can add properties to them by clicking on the preset menu. To add more attributes, locate the Properties/Memberships window (Alt + Shift + P to toggle) and click the Add button. You can choose from a plethora of available keys and values. When necessary, you can also add custom values. For a road, a key may be surface type and a value may be Gravel or Asphalt.

Become a Ninja

Exploration and discovery is the best way to learn. You can learn a great

deal about JOSM by exploring the various tools and options. Check out the various windows that JOSM has, and find out what each one of them is for. Experiment a lot before you do an actual data commit. This way, you get to become familiar with the basics of OSM and mapping. Once you get comfortable with the interface and the concepts, you will be ready to go ahead and do the advanced stuff on the path to becoming a mapping Ninja (like a black belt for mappers; and in case you’re wondering, I flaunt a white belt!) Once you’re done, upload the data to the OSM servers by clicking File -> Upload data (Ctrl+Shift+Up arrow).

BUSINESS PAGES

For U & Me

Overview

You can go to osm.org and find out if your changes have come into effect. You should make it a habit to review the changes that you make before you upload them to the servers.

Editing OSM using Vespucci

You can edit OSM from within Android using Vespucci, which can be installed using F-Droid. If Vespucci sounds familiar, it’s only because you learnt about Amerigo Vespucci in your history classes. That guy got an entire continent (the Americas) named after him. Usage of Vespucci is quite straightforward, as images on page 97 demonstrate:

The Walking Papers method

Walking Papers is a site that lets you print aerial maps of your locality, and you can draw features on them using a pencil, relying on your knowledge of the place, and then scan them back to Walking Papers—eventually, you upload the changes to OSM. This is very helpful in mapping village areas.

How do I get help?

General help can be found at help. openstreetmap.org while if you are the IRC type, hit irc.openstreetmap. org (#osm and #osm-dev). The FAQs are at wiki.openstreetmap.org/wiki/ FAQ while the developer FAQs are at wiki.openstreetmap.org/wiki/ Developer_FAQ. Mailing lists are at lists.openstreetmap.org. Switch2OSM is an excellent place to begin. To learn about editing, head straight to learnosm. There are several publications, books and online tutorials available to get you started. Trust me, it’s fun and addictive.

How do I help OSM?

There are many ways you can contribute to OSM itself, and the guys running the servers. Here are some possibilities: 1. Use OSM (duh!) 2. Advocate: Write about OSM, blog, speak, etc. Start online radio on 100 | FEBRUARY 2013 | OPEN SOURCE FOR YOU

Icecast and spread the word (or is that a bit too radical?) Teach: Create tutorials and videologs, publish them on YouTube or Vimeo. Edit the maps: The more data the map has, the more useful it becomes. The more accurate the data gets, the more reliable it becomes. So go ahead and hack the map. The OSM foundation is a non-profit organisation; so how about giving them some of your money? Lead by example: Use OSM in place of proprietary maps when you embed, or send directions to people.

Use cases and case studies

OSM can be used in various scenarios. To give you a couple of known examples, Wikipedia and Flickr use OSM for their mapping needs. Flickr uses OSM to put geo-tagged pictures on maps. Some articles of Wikipedia use OSM to represent areas of the world. Lesser-known is the use of maps in humanitarian relief projects. The Humanitarian OSM Team (HOT) comprises a number of cartographers who coordinate the creation and distribution of mapping resources to support humanitarian relief efforts in several parts of the world. Haiti

benefited by this project during the earthquake that ravaged the place not too long ago. These maps can also be used to plan routes during treks or even emergencies. Rescue workers can use the maps to plan escape routes. The data can be used by governments to decide on resource allocation and city planning. The possibilities are endless.

OSM on paper

Apart from the obvious way of exporting the map as an image from the browser for printing, there are better ways to put OSM on paper. One is FieldPapers that lets you print maps and make notes on them, and put them back on the server for later use. Check it out for more features. The project is open source, and you can view the source code on GitHub. So, the next time you go on a trek, take a print map from OSM with you. Upload the data back to OSM. Click a few geo-tagged photos of awesomeness. We should even organise a mapping marathon, or an OSM Day featuring a day-long map-hacking session and a few talks—and have fun at the same time. There are several mapping projects that you can get involved in. If a zombie apocalypse breaks out tomorrow, I have my maps ready. Do you?

Reference [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]

https://help.openstreetmap.org/ http://switch2osm.org http://mapnik.org https://www.google.com/intl/en_in/help/terms_maps.html https://www.youtube.com/watch?v=OM6XIICm_qo https://wiki.openstreetmap.org/wiki/OsmAnd http://replicant.us/2010/11/fdroid-a-free-software-alternative-to-google-market/ https://wiki.openstreetmap.org/wiki/GPS_Reviews http://code.google.com/p/osmeditor4android/ http://www.learosm.org http://switch2osm.org/find-out-more/ http://walking-papers.org/ https://wiki.openstreetmap.org/wiki/Humanitarian_OSM_Team http://fieldpapers.org/about.php https://wiki.openstreetmap.org/wiki/Mapping_projects

By: Yogesh Girikumar The author is a Linux/Free Software enthusiast.

Recruitment Trends

For U & Me

There is a huge dearth of open source professionals, particularly in north India Naukri.com, one of the leading job portals in India, swears by open source technology. The tech team at Naukri uses open source technology day in and day out. But do they get enough people to make working on open source a smooth operation? The answer is 'No'. Vibhore Sharma, chief technology officer, Naukri.com, opines that there is huge demand for open source talent but not enough supply. In an exclusive tête-à-tête with Diksha P Gupta from Open Source For You, Sharma threw light on the hiring scene at the company.

Why did you choose to deploy open source technology?

Initially, when the site was launched, UNIX was the open source alternative. Frankly, we did not have enough money, so we started off with something that was available for free. Later, it became our philosophy because we realised that whatever we saved would be what we earned. We use whatever technology is freely available because we don't want to spend money on buying licences. We carried on with the same philosophy even when we started earning money because we did not find any merit in buying software when whatever was available in open source was good enough. Open source allows one to be self-reliant. You don’t have to wait for a third party to solve your problems. You just need to dive deep into the code and find your solution. We began with open source in 2001-2002. It was not too difficult for me to convince the people around me, though they had no idea of what technology it was. But since it was free and it did not rock the boat, they gave me the go-ahead.

Did you get the right kind of professionals to go with your plans?

No, we still don't. There is a huge dearth of open source professionals, particularly in north India. It is slightly better in south India, especially Bangalore. So we actually go to that part of the country for our hiring. We had earlier tried hiring in this part of the country but for the past couple of years, we have started going south.

What kind of talent do you hire?

We don't essentially hire people with expertise in open source technology. We either hire freshers or people with 1-2 years of experience. A little knowledge of open source technology is an added advantage. When we bring people on board, we coach and train them on the platforms we use. We basically look at the programming skills of a candidate. We prefer those with experience in something open like Java or PHP. That's how we start. OPEN SOURCE FOR YOU | FEBRUARY 2013 | 101

For U & Me

Recruitment Trends

What is the reaction of customers and partners about your use of open source technology? Does the dearth of talent not affect your business?

had to detach then. Besides, if you have to open source a piece of software, the quality of code should be very good and it should not break under any circumstances. We have been wanting to contribute for a long time but Well, there's no denying that hiring and maintaining talent ultimately, as an organisation, it is difficult to make with good exposure to open source technology is difficult. It is usually individuals But having said that, we at "There's no denying that hiring contributions. who make contributions. So, we can Naukri, allow our developers to and maintaining talent with only evangelise and recommend that be as experimental and creative as possible. Hiring is definitely good exposure to open source our employees contribute to projects. a challenge because the kind technology is difficult. But, we What usually happens is that either are low on bandwidth to do that of expertise we want people at Naukri, allow our developers people or their applications’ designs do not to have is not available. But I to be as experimental and permit them to take out a piece of code think the situation is changing creative as possible." and give it away to the community. But considerably today. People we are trying to move people in that now know how the Linux —Vibhore Sharma, CTO, Naukri.com direction now. operating system works, but its administration and management is still difficult. There is still a shortage of professionals on the expertise front. For What are the major challenges you face while doing example, a lot of professionals don't know about the simplest business with open source technology? things in Linux virtual environments. So, what I understand The first major road block is the unavailability of talent. is that people are aware of open source technology nowadays, Second is the learning curve within the country. People but there is a lack of in-depth knowledge about the subject get coaching and training on proprietary software easily matter. They know how Linux works, they know about basic but when it comes to open source technology, the scene commands but there is no in-depth knowledge. is exactly the opposite. Third, finding support for newer platforms is slightly different. There are no SLAs, so you have to find your own way. There is always a risk added to Do you feel the need to connect with the community and it. Sometimes you may find answers to your problems and discuss the technical issues? sometimes you may not. The benefit is that you always have Yes, we are engaged with the people developing the platforms the option of delving deep into the source code to find out that we work on. I have participated in the open source event the root cause of the problem. organised by EFY as well, to interact with the community. MySQL is one of our most prominent tools. We have interacted with the community around MySQL whenever we got stuck. As I see it, there is good demand for open source talent In fact, that is the way to go about things in the world of open in India but the supply is not adequate. What do you source technology. This is the biggest advantage of using it. believe are the reasons for this? One can always go back to the community for any help. But in The first and foremost reason is slower pace of adoption of open our case, we have not seen that need arising often. source technology. A lot of companies still don't want to adopt open source technology. A lot of institutes don't care to teach open source technology. If we look at the education given in Do you or any of your team mates interact with the open colleges, it is very different from how industry works and wants source community now? students to be. If you look at the engineering colleges, not all Not as much. have open source technology as a part of their curriculum.

Q Q

Why not?

As mentioned earlier, we already face a dearth of good talent. One prime purpose of choosing open source technology is that there is already a lot of work done around each open source project, so one does not need to invest that much in technology. Organisations that do interact with the community have enough of talent. Second, I think there is also a cultural aspect to this. We want to pay back and contribute to the open source community. We will do that sometime in the future but as of now, we do not have enough resources to do so. Also, earlier there was a challenge. The software was built in a way that a lot of IP was tied into the code. So we 102 | FEBRUARY 2013 | OPEN SOURCE FOR YOU

So even with freshers, do you look only at south India or do you explore colleges from the north as well?

What kind of training do you provide?

While hiring freshers, we don't have to look for any particular skill set except their basic knowledge. So, we don't mind exploring north Indian colleges as well. We hire freshers and then train them.

We have an induction capsule comprising four-five platforms around which we teach and conduct courses for a month and try to get people accustomed to the technologies that we use.

Career

For U & Me

The Most Popular Open Source Programming Languages OSFY gets an update from industry leaders on the top open source languages that will be in demand this year.

f a recent survey conducted by Dice Holdings, a jobs posting website, is anything to go by, developers with razor-sharp open source programming skills will stand out when their resumes fall on recruiters desks. Various studies indicate that technology professionals with these skills and expertise are being sought after like never before. With open source technology fuelling the modern economy and offering great growth opportunities for developers, we get a low-down from industry experts about the top open source programming languages that will be in demand this year.

PHP

In a recent poll conducted by the OSFY team on its Facebook page to find out the most popular open source programming language, PHP made its way to the No 1 position. According to industry stalwarts, not only is PHP developer-friendly, but there is a surge in the demand for PHP experts. Rahul Mehra, CEO, UGS Academy, Noida, shares, “The fact that open source packages like Drupal,

Jhoomla, etc, are built on PHP only explains why it is being touted as the most popular open source programming language. Bigger organisations do hire PHP professionals, but PHP has caught on more at small and medium-based enterprises since it is budget-friendly.” Ask Mehra about the salary trends for PHP professionals and he adds, “In India, the salary trends are on the lower side. The reason is that, initially, premium companies latched on to software applications using Java, Microsoft or IBM Mainframe, since these were the languages available then. And these companies are still continuing with the same. So the equation is: bigger pockets=bigger salaries. And certainly, you cannot expect SMEs to offer the same salaries that big companies do. But this is only in India. The global scenario is quite upbeat.”

Python

According to our Facebook survey, Python ranked third among the open source programming languages OPEN SOURCE FOR YOU | FEBRUARY 2013 | 103

For U & Me

Career

in demand. Prabhu Ramachadran, managing director, Enthoughts, India, and a faculty member of IIT Mumbai, elaborates, “Python programs are generally expected to run slower than Java programs, but they also take much less time to develop. Developers can easily learn the language and express themselves effectively. The best part of Python is it can be readily connected with other languages. It will not be out of place to say that anyone who has a love for coding will definitely learn Python as a first language.” And what are the skills one must have to be a good Python expert? “Someone who cares about the quality of the code will certainly excel as a Python professional. So, the job prospects are extremely good for adept programmers as big ventures like Google, Dropbox, etc, hire IT professionals with expertise in this domain,” says Ramachandran.

Perl

An analysis of hiring trends has revealed that the demand for Perl experts in the workplace is on the rise. Rahul Soni, technical director, ThoughtBeat, Mumbai, reveals, “Perl, which has recently turned 25, when combined with CGI (Common Gateway Interface) scripting, becomes more powerful and can do wonders. In fact, it did gain momentum in the late 90s as a CGI scripting language. I would say that wherever there is no Web interaction, its performance is stupendous. If you talk about the salary trends, it is comparatively higher-than-average, but Perl may not be ideal for some applications, potentially limiting job prospects.”

Ruby on Rails

While languages like Python, PHP and Java are making

waves in the developer world, how does Ruby on Rails fare in the job market? Shubradeep Nandi, an expert trainer in E3 Infotech, Gurgaon, quips, “Ruby on Rails is indeed impressive and now robust in the market. Ruby on Rails can be more effective when combined with Javascript. It is very scalable and once developers use this language, they don’t want to switch to any other. If you talk about the recruitment scene, I would say that it is in the growing phase in India, so it will take a few years to evolve as an independent language that can create millions of jobs in India. But yes, small and medium sized enterprises are hiring professionals who have expertise in this domain.”

Java

According to our Facebook survey, Java ranked second in the list. Explaining the reason for the popularity of Java, Neeraj Kumar, director, Tech Mentro, says, “The poll result was quite expected. Java is popular because of its wider acceptance. Whether it’s the mobile or the desktop, Java is primarily used to build apps. So it naturally spells vast career opportunities for developers. Though other languages are making inroads in the developer domain, Java is very much here to stay. The career growth prospects, too, will be quite enduring, in the years to come.”

By Priyanka Sarkar The author is a member of the editorial team. She loves to weave in and out the little nuances of life and scribble her thoughts and experiences in her personal blog.

osFY Magazine attractions during 2013-14 Month

theMe

Featured List

March 2013

Virtualisation

Virtualisation Solution Providers

April 2013

Open source Databases

Certification & Training Solution Providers

May 2013

Netwok monitoring

Mobile Apps

June 2013

Open Source application development

Cloud

July 2013

Open Source on Windows

Web Hosting Providers

August 2013

Open Source Firewall and Network security

E-mail Service Providers

September 2013

Android Special

Gadgets

October 2013

Kernel Special

IT Consultancy

November 2013

Cloud Special

IT Hardware

December 2013

Linux & Open Source Powered Data Storage

Network Storage

January 2014

Open Source for Web development and deployment

Security

February 2014

Top 10 of Everything on Open Source

IT Infrastructure

104 | FEBRUARY 2013 | OPEN SOURCE FOR YOU

Array Networks Brocade Cisco D-Link HCL Technologies HP

Wipro

Huwaei IBM Juniper Qualcomm Sify Tech Mahindra Array Networks Brocade Cisco D-Link HCL Technologies HP

Wipro

Huwaei IBM Juniper Qualcomm Sify Tech Mahindra

A List Of IPv6 Solutions Providers Array Networks | Bengaluru The integrated IPv6 gateway on Array APV appliances helps organisations formulate their strategy for IPv6 migration. The various technical controls include dual stack IPv4 and IPv6 SLB, IPv6 SLB, NAT64, DNS64, compression and cache support for IPv6 traffic, all of which provide smooth transition to IPv6 networks.

Brocade | Bengaluru Brocade provides networking equipment for data centres, campus/LAN networks and service providers (ISP, IXP, Internet content providers, telcos, cable companies, etc) that support IPv4 and IPv6 with the required routing horsepower. Brocade offers one of the industry's most complete families of IPv6 uni-cast, any-cast, multi-cast and transition protocols.

Cisco | Bengaluru As part of its IPv6 solution, Cisco implements the primary integration techniques of dual-stack, tunnelling and translation that are required by all environments. Cisco IPv6 Services helps organisations to successfully adopt IPv6 through a phased approach in which Cisco identifies and assesses the highest priority IPv6-critical areas in the network to determine the IPv6 design scope.

LEADING

D-Link | Mumbai All new D-Link routers, switches and access points are IPv6-ready. D-Link networking solutions support dual stack and tunnelling techniques for a smooth transition. D-Link is one of the major networking vendors actively promoting the new Internet Protocol. D-Link has worked to combine IPv6 readiness with contemporary technologies like 802.11ac and IEEE 1905.1 for connectedness.

ESDS | Nashik The company now offers its indigenous Cloud Hosting Solution, eNlight Cloud with IPv6, along with integration of new features and enhanced performance. eNlight Cloud is a unique auto-scaling cloud hosting solution that supports pay-per-consume billing model, as against pay-per-allocation which most popular cloud hosting vendors offer. Widely appreciated in the industry for its range of unique features and enterprise class performance, eNlight Cloud now has the distinction of being the first cloud hosting solution in the industry that supports the power of IPv6! IPv6 opens up a considerably larger pool of IP addresses, owing to its 128 bit length. ESDS has successfully integrated IPSec with IPv6, thus ensuring confidentiality, authentication and integrity of data. The company has leveraged its vast expertise in successfully setting up complex networks to ensure maximum security levels for IPv6, and in turn address all major security concerns that recently surfaced around it. Leading clients: Ram Bandhu, D-LINKS, Spice, ,Taparia, Aicte, MPSC and Ericsson. USP: eNlight Cloud empowered with IPv6 will help the webmasters and developers make their websites/applications cloud, as well as IPv6 enabled without any major code modifications. With IPv6 and eNlight’s inherent features, enterprises as well as SMBs can now utilize the power of Cloud Computing for hosting their websites and applications. Website: www.esds.co.in

HP | Bengaluru HP has a complete lifecycle of IPv6 services, from strategy workshops, readiness assessments, architecture and design, through transition consulting, integration and deployment. HP’s breadth of expertise and experience in a multi-vendor IT environment makes it an ideal partner to work with clients to deliver a smooth migration to IPv6.

Huwaei | Bengaluru To help operators face the IPv4 address depletion and IPv6 transformation, Huawei provides solutions that integrate IPv6 to legacy networks by using technologies like dual stack, 6PE, L2TP, and 6to4. Operators can use these to introduce IPv6 users and services gradually in their existing networks. U

Array Networks Brocade Cisco D-Link HCL Technologies HP

Wipro

Huwaei IBM

IBM | Bengaluru

Juniper Qualcomm Sify

IBM is taking a systems-level view of IPv6 by providing end-to-end solutions that include appropriate application, middleware, hardware and service offerings to take advantage of the expanded functionality IPv6 enables. The company is well positioned to meet the needs of commercial and government customers seeking to transition to IPv6.

Tech Mahindra Array Networks Brocade Cisco D-Link

Juniper | New Delhi

HCL Technologies HP

Wipro

Huwaei

The company's next generation network addressing portfolio of IPv4 address conservation, IPv4-IPv6 address coexistence and IPv6 transition technologies includes IPv6, v4/v6 dual stack, NAT44, NAPT44, NAT-PT, NAT64, 6to4PMT, 6rd and DS-Lite. These technologies help network operators improve subscriber and service scale, mitigate IPv4 address depletion, and pragmatically transition to IPv6 based on business requirements.

IBM Juniper Qualcomm Sify Tech Mahindra

Qualcomm | Mumbai The Qualcomm Atheros AR4100 is a small form-factor, single-stream, 802.11n Wi-Fi system-in-package (SIP) device that enables manufacturers to reduce M2M system costs and simplify system design. The AR4100P is an enhanced version of the FCC-certified AR4100 that includes an integrated IPv4/IPv6 TCP/IP stack, enabling lower system costs and easier technology adoption.

Sify | Chennai The company has a dual-stack (IPv4 and IPv6) compliant edge with an MPLS enabled NGN core supporting transport of IPv6 packets along with IPv4. With the dual-stack edge, Sify can offer IPv6 VPN and Internet transit services to its enterprise customers. Sify is the only ISP member in the project 6Choice, an India-Europe cooperative venture for promoting IPv6 adaption. Sify is funding the development of case studies based on its experiments, in order to promote IPv6 migration in the industry.

Tech Mahindra | Pune With the company’s in-depth knowledge of the communications and enterprise ecosystem, Tech Mahindra and Mahindra Satyam offers services in IPv6 consulting, network planning and design; network transformation and testing; security assessment and transition; application software transition and testing, etc. Tech Mahindra has been empanelled by DoT, Government of India, to provide IPv6 consultancy, implementation and project management.

Wipro | Bengaluru Wipro has vast experience in building and managing complex IP networks on a global scale. It is therefore well positioned to provide IPv6 consulting and transition services to service providers and enterprises of all sizes and in any part of the world. For those enterprises that already have an IPv6 network up and running, Wipro's experience in application development could help recover some of the investments made by taking advantage of IPv6's capabilities. OPeN SOurCe fOr yOu | february 2013 | 107

TIPS

TRICKS

Know your directory size

At times, when clearing up server space, we may need to find the large-sized directories. For that, you can use any of the following commands. The first command listed assumes that the file sizes are in MB. If it’s GB, of course, you have to replace M with G. This will help you to find out large sized directories.

favourite sound now, while you log in to the system. —Karthikeyan, innovatorforindia@gmail.com

Packet capturing in Linux

Here are a few simple tricks for using the tcpdump command.

du -sh * | grep M

To display the total size of all directories:

To view the packets quickly: tcpdump -qnnpi eth0

du -sch * | grep M

If you suspect it is a file taking up a lot of space, you may need to change the command to:

To view all the packets in ASCII format: tcpdump -Annpi eth0

To view all packets in the Hex and ASCII formats:

du -ah * | grep M

—Ajith.T.A, ajiththarayil@gmail.com

Getting back the start-up sound in OpenSUSE

tcpdump -Xnnpi eth0

To view packets with the L2 layer:

If you are a hard core GNOME user of OpenSUSE, like me, then you definitely miss the login/start up sound. Unlike Ubunutu, OpenSUSE does not have a login sound, by default. The login sound can be added by following the steps shown below. Step 1: Rename your audio file as ‘desktop-login’. The file format can be either .ogg or .oga file Step 2: Now move your audio file to /usr/share/sounds/ freedesktop/stereo/ You cannot do this until you gain a write permission of the folder. Open your terminal and type:

tcpdump -eqnnpi eth0

sudo chown -Rv username /usr/share/sounds/freedesktop/stereo/

Most Linux distributions have Screen already installed. If not, then install using apt-get OR yum. Now to share your terminal type, issue the following command:

Then press Enter. You’ll be prompted for the root password, so provide it, or else just copy the audio file to / usr/share/sounds/freedesktop/stereo/ as a superuser. Step 3: Restart your computer. It will play your U

To save the captured packets: tcpdump -qnnpi eth0 -w capture.pcap

capture.pcap can be opened using the famous tool Wireshark. —Prasanna, prasanna.mohanasundaram@gmail.com

Share the terminal session

screen -S screen-name

…and tell other users to type the following:

$ pgrep | wc -l

screen -x screen-name

e.g.

This will allow other users to monitor your terminal session. P.S.: All users must be logged in with the same user account. —Vizay Soni, vs4vijay@gmail.com

pgrep java | wc -l

SFTP-only access

We all know that sftp is the secure file transfer protocol, but it is the sub-system of ssh. In general, the sftp account can also connect via ssh to the server. Here is the easy way to create only a sftp account that will not be able to connect through ssh. 1. First, find the sftp-server absolute path: [root@sftp:~] grep sftp /etc/ssh/sshd_config Subsystem

sftp

/usr/libexec/openssh/sftp-server

2. Add the sftp-server to the shells file:

Output will be like this: 2

—Kousik Maiti, kousikster@gmail.com

Searching the command history

One of the greatest features of the bash shell is command history, which makes it easy to navigate through past commands by navigating up and down through your history with the up and down arrow keys. This is fine if the command you want to repeat is one of the last few commands in the history you executed, but the process becomes tedious if you have to go through the last 75100 commands in your history to access this command. To speed things up, you can search interactively through your command history by pressing Ctrl+R. After doing this, your prompt changes to: (reverse-i-search)`’:

echo ‘/usr/libexec/openssh/sftp-server’ >>/etc/shells

3. Create a sftp user named sftpuser1: useradd -c “SFTP Only User” -s /usr/libexec/openssh/sftp-server

Start typing a few letters of the command you’re looking for, and bash shows you the most recent command that contains the string you’ve typed so far. What you type is shown between the ` and ‘ in the prompt. In the example below, I typed in htt

sftpuser1 (reverse-i-search)`htt’: rpm -ql $(rpm -qa | grep httpd)

4. Set the password or use the ssh keys to log in. Now user sftpuser1 can log in with sftp and not ssh. —Natraj Solai, linuxraja@gmail.com

Find the PID of a process and count its instances If you want to see the PID of a process, run the following code:

$ pgrep e.g.

This shows that the most recent command I typed containing the string htt is: rpm -ql $(rpm -qa | grep httpd)

To execute that command again, I can press the Enter key or press Ctrl+R to search the next instance of it in the command history. This can be a real time saver for people working on Command Line Interface. —Sudhir A V , av.sudhir@gmail.com

$pgrep java

The output will be like: 7541 29148

To find the number of instances, run the following command:

Share Your Linux Recipes! The joy of using Linux is in finding ways to get around problems—take them head on, defeat them! We invite you to share your tips and tricks with us for publication in OSFY so that they can reach a wider audience. Your tips could be related to administration, programming, troubleshooting or general tweaking. Submit them at www.linuxforu.com. The sender of each published tip will get a T-shirt.

OPeN SOurCe fOr yOu | february 2013 | 109

CALENDAR FOR-2013 eVeNTS TO LOOK OUT FOR IN 2013 Date

Name of the eveNt

website

21st – 23rd feb, 2013

efY expo 2013

This is a unique electronics event that focuses not only on "components" and "manufacturing equipment", but on the entire ecosystem for electronics in India. From innovation and product design, to manufacturing and product sales, this event provides a perfect platform for innovators and design engineers, to manufacturers and B2B buyers to connect together.

Pragati Maidan, New Delhi

http://www.efyexpo.com/

27th feb – 2nd mar, 2013

Nullcon Goa - international security conference

A security conference series - an initiative by null - The open security community, a registered not-forprofit society.

The Bogmallo Beach Resort, Goa

http://www.nullcon.net/

5th – 6th mar, 2013

the mobile strategy summit

From identifying the building blocks for a successful Mobile strategy to understanding the power of analytical data from all the mobile sources, this summit has it all.

The Taj Mahal Hotel, New Delhi

http://www.fleminggulf. com/conferenceview/ The-Mobile-StrategySummit/408

6th – 10th may, 2013

interop, las vegas

A place for thousands of information technology professionals to gather for unparalleled networking.

Mandalay Bay, Las Vegas

http://www.interop.com/ lasvegas/

13th – 14th may, 2013

Gartner it infrastructure operations & Data center summit

This Summit offers guidance on turning today's improvements in IT infrastructure and process efficiency into tomorrow's business advantage.

Grand Hyatt, Mumbai

http://www.gartner.com/ technology/summits/ apac/data-center-india/

23rd – 24th may, 2013

cloud connect

A focused conference that will bring together the entire ecosystem of the cloud. From IaaS, PaaS and SaaS, Cloud Connect India is one single place to see the latest technologies in action.

NIMHANS Convention Center, Bengaluru

http://www.cloudconnectevent.in/

10th – 11th Jun, 2013

Gartner business intelligence & information management summit

This summit provides Business Intelligence professionals and IT executives with world class research.

Grand Hyatt, Mumbai

http://www.gartner.com/ technology/summits/ apac/business-intelligence-india/

18th – 21st Jun, 2013

communicasia2013 / enterpriseit2013

Being the Asia’s largest integrated info communication technology event, it is instrumental in connecting the ICT industry.

Marina Bay Sands, Singapore

www.CommunicAsia. com & http://www.gotoenterpriseit.com/

30th sep – 4th oct, 2013

interop, New York

Interop New York offers sessions and networking opportunities open to all attendees.

Javits Center, New York

http://www.interop.com/ newyork/

21st – 23rd oct, 2013

Gartner symposium/ itxpo, Goa

It is the world's most important gathering of CIOs and senior IT executives.

Goa

N.A.

13th – 15th Nov, 2013

open source india

It is the premier Open Source conference in Asia targeted at nurturing and promoting the Open Source ecosystem in the subcontinent.

NIMHANS Convention Center, Bengaluru

http://osidays.com/ osidays/

27th – 29th Nov, 2013

interop, mumbai

Explore how to leverage new technologies and innovation for increasing productivity and improve collaboration.

Bombay Exhibition Center, Mumbai

http://www.interop.in/

Postgres Enterprise Manager Enterprise PostgreSQL Database Management Postgres Enterprise Manager enables DBAs to efficiently manage, monitor, and tune more Postgres servers en masse from a single console, than any other tool.

Monitoring Data

PEM Server Database Management Connection

Enterprise Management Connection

Managed Hosts (running PEM Agents)

Postgres Enterprise Manager (PEM) Architecture

Database Management Connection

Unmanaged Hosts

Feature Highlights: New: Web Client Access monitoring console from any browser enabled device New: Log Manager Configure logging en masse and view a consolidated dashboard Capacity Manager Provides trend analysis for storage and hardware plans Audit Manager Configure and manage audit logging in Advanced Server

PEM Clients

Monitor Performance Dashboard for I/O, storage, memory, user activity & more Alert Management Pre‐defined & custom alerts notify you by SMTP or SNMP Postgres Expert Helps enforce best practices with expert suggestions SQL Profiler Efficient troubleshooting and optimizing of slow SQL Team Support Create views/access to database servers on the network by roles

Postgres Expert: A ‘DBA‐in‐a‐Box’ Detects Best Practice Deviations Provides expert recommendations to optimize performance and operations Scans Critical Areas •Hurry! Security Offer expires September 30, 2012 • Schemas • Configuration • Much more… Creates HTML Reports based on Findings

* • Training for Administrators and Developers • Packaged and Professional Services Call: +1 781‐357‐3390 or 1‐877‐377‐4352 (US Only) Email: info@enterprisedb.com, downloads.enterprisedb.com

EnterpriseDB Software India Private Limited Unit # 3, Ground Floor, Godrej Castlemaine, Sassoon Road Pune – 411001

Test, develop and deploy your application on VMware vCloud powered cloud T worth +91 20` 25,000*, 3058 9500 +91 20 3058 9502 for www.enterprisedb.com Avail free cloud credit visit Fwww.cloudinfinit.com more details

Open Source ...ary 2013

Articles inside

singapore s$ 9