Setting up Synergy 1.8.8 with SSL on OS X El Capitan as the server and Ubuntu 16.04 as the client

Synergy is a free and open source software (licensed under GPLv2) for sharing one keyboard and mouse between multiple computers. The source is hosted here on GitHub and the Synergy website provides compiled, installable releases with support for SSL encryption for a fee.

At work, I have a Macbook Pro laptop running OS X El Capitan and an Ubuntu 16.04 desktop connected to a monitor which I use daily. Working on two separate computers at the same time is laborious and thanks to Hiemanshu, I came to know about Synergy.

Eager to try it out, I built it from source after patching (to use the Qt installed on my Macbook using Macports) and with minimal configuration, I was able to get it to work. But since my computers were connected to the corporate network, I did not want my keystrokes to be sent through the network in plaintext. So till today, I used an SSH tunnel between my Macbook acting as the server and the Ubuntu desktop acting as a client. It was a little bit inconvenient having to setup the SSH tunnels every time and I didn’t want to use something like autossh.

Imho, in the post-Snowden era, any software sending sensitive plaintext data through the network is broken by design. Since Synergy is free software, I was hoping to patch it to allow SSL communication without requiring a license. With some help from the comments and pull requests on the Synergy GitHub repository and some additional tweaking, I was able to build Synergy 1.8.8 with support for SSL irrespective of the licensing status.

The following details of how I managed to do it are primarily for my reference and I am sharing it on my blog in the hope that it might be useful for others as well. That said, Synergy is a very useful free/libre software and I recommend purchasing a license to support the development. One of the Synergy developers has committed to enable SSL communication by default in the 2.0 version.

Steps to be followed on OS X El Capitan

  • Clone the Synergy GitHub repository from  and checkout the 1.8.8-stable branch
  • Apply this patch to fix the Qt related paths and also to enable SSL without license check. For Qt installed without using Macports, tweak the frameworkRootDir variable in the patch to point to the correct directory. Also tweak the path to the Info.plist to point to a valid path.
  • If the Mac OS X 10.11 SDK is not present under the /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs directory, Download it from this GitHub repository and copy it to that directory.
  • Install the dependencies of Synergy (cmake, qt5) using Macports.
  • Navigate to the top-level directory of the repository and run ./hm.sh conf -g2 --mac-sdk 10.12 --mac-identity ElCapitan where the current OS is El Capitan and the available default Mac OS X SDK is 10.12. Modify the parameters based on the available SDKs and the OS version.
  • After the previous command completes without errors, run ./hm.sh build to start the build process.
  • To create a Mac app, run ./hm.sh dist mac.
  • The Synergy.app is available under bin/Release/Synergy directory. Drag and drop it to the /Applications directory.
  • Create the SSL certificate needed by the Synergy server by running the following commands
    mkdir -p ~/.synergy/SSL/Fingerprints
    openssl req -x509 -nodes -days 365 -subj /CN=Synergy -newkey rsa:1024 -keyout ~/.synergy/SSL/Synergy.pem -out ~/.synergy/SSL/Synergy.pem
    openssl x509 -fingerprint -sha1 -noout -in ~/.synergy/SSL/Synergy.pem > ~/.synergy/SSL/Fingerprints/Local.txt
    mkdir -p ~/Library/Synergy/SSL/.
    cp ~/.synergy/SSL/Synergy.pem ~/Library/Synergy/SSL/.
    sed -e "s/.*=//" -i ~/.synergy/SSL/Fingerprints/Local.txt
    
  • Enable Accessibility permissions for the Synergy app from the Security and Privacy dialog under System Preferences.
  • Start the Synergy app and run it as a server. The app window should indicate that SSL is turned on and the logs should not have any errors.

Steps to be followed on Ubuntu 16.04

  • Clone the Synergy GitHub repository from  and checkout the 1.8.8-stable branch.
  • Apply this patch to fix the Qt related paths (not needed on Ubuntu) and also to enable SSL without license check.
  • Install the dependencies by running the following command
    sudo apt-get install cmake make g++ xorg-dev libqt4-dev libcurl4-openssl-dev libavahi-compat-libdnssd-dev libssl-dev libx11-dev
    
  • Navigate to the top-level synergy repository directory and run
    ./hm.sh conf -g1; ./hm.sh build; ./hm.sh; ./hm package deb
    

    This builds Synergy and creates a .deb package file under the bin directory.

  • Install the .deb file using dpkg.
  • Start the Synergy app from the Unity launcher (or alternatively using its full path).
  • Configure it as a client and set the server address to that of the computer running the server.
  • The app will display the server’s certificate fingerprint with a prompt to trust or reject it. Trust the fingerprint after carefully verifying it. If there are any errors with the server fingerprint or trusting it, copy the Local.txt file generated on the server and save it under ~/.synergy/SSL/Fingerprints and restart the client.

References:

Getting rid of Truecaller from Cyanogen OS 12.1

Cyngn has struck a deal with TrueCaller to integrate it with the default dialer app on Cyanogen OS 12.1. For a privacy-conscious person like me, it was totally unacceptable given the notorious reputation of TrueCaller. Read this post on XDA-Developers for more details.

Cyngn Logo

TrueCaller Logo

 

 

 

 

Here is how I got rid of TrueCaller. Before installing the OTA on my OnePlus One, I turned off mobile data and Wi-Fi so that I could prevent any internet access till I removed TrueCaller. The phone rebooted after installing the Cyanogen OS 12.1 OTA update (which has been pulled due to some issues at the time of writing this). Immediately after that, I opened the dialer and was prompted to enable TrueCaller. I refused it by selecting Not Now.

TrueCaller opt-in dialog

I also went into the settings menu of the dialer app to make sure there was nothing related to TrueCaller enabled by default. All this just disables TrueCaller but does not remove it entirely. Read on if you want to completely remove it.

Since the TrueCaller app does not show up in the App Drawer, go to Settings ? Apps ? All and scroll down to the TrueCaller Service app. Tap on it and uninstall it from the App Info page that shows up.

Uninstall TrueCaller App

Now your phone should be free of TrueCaller and its privacy issues. If you go to the settings menu of the dialer app, you can verify that there are no settings related to TrueCaller.

This should work for any device for which Cyanogen OS 12.1 is released.

In case you have a change of mind after doing this and want to reinstall TrueCaller, you can do that by navigating to /system/vendor/bundled-app/TrueCaller folder using the File Explorer app and installing the APK that is there. The /system/vendor/bundled-app/ folder contains the APK files for all the other pre-loaded (but removable) apps like Boxer, Browser as well.

Hope this helps 🙂

Enabling captive portal detection in GNOME 3.14 on Debian Jessie

GNOME 3.14 supports captive portal handling but it is not enabled by default in Debian Jessie probably due to the privacy concerns. To enable it, create a file /etc/NetworkManager/conf.d/20-connectivity-debian.conf with the following content:

[connectivity]
uri=http://network-test.debian.org/nm
response=NetworkManager is online
interval=300

Then restart NetworkManager using the command service network-manager restart as root user (or use sudo if your non-root user has sudo privileges). Once this is done, whenever you connect to a network with a captive portal, GNOME will automatically open the captive portal login page where you can login to get access to the internet. Please note that the requests to the connectivity test URL could be logged and be aware of its privacy implications though no personally identifiable information is sent.

This is very helpful for me since my ISP ACT Fibernet requires its users to login to its captive portal before allowing internet access. Hope this is helpful for others. The configuration given above tries to reach the specified URL once every 300 seconds and tries to open the captive portal login page if it is not reachable. This could cause the NetworkManager applet to try opening the login page if there are any issues with the internet connectivity. So feel free to tweak the interval according to your needs.

Disabling automatic download of software updates in GNOME 3.14 on Debian Jessie

GNOME Software application automatically downloads the packages to be updated and presents a notification in the notification area. It might be a good idea to disable it avoid excessive data usage on metered internet connections.

To do it from the command-line

$ gsettings set org.gnome.software download-updates false

Or open dconf-editor and navigate to

org -> gnome -> software

and unselect this key

download-updates

My contributions to Mozilla Input

 

Apart from writing Free/Libre Open Source Software, I have tried to contribute to existing ones whenever I can – mainly in the form reporting bugs, fixing documentation errors and so on. But I have always had the dream of making non-trivial contributions in addition to what I have been doing. In pursuit of that dream, I have been searching websites like OpenHatch for projects to contribute to, without finding a good starting point.

A few months back, I read somewhere (could be Hacker News, Planet Python or one of the many open source Planet feeds that I am subscribed to) about how the author made his first contribution to a Mozilla project. That inspired me to try and do something similar. So I went to the Bugs Ahoy website linked to from that article.

These days, almost all the code I write has been in Python and more often than not involves web development with Django. So I filtered the bugs using the criteria “Python” and “Simple bugs”. I looked at the summary of the listed bugs and tried to assess if I could fix any of them. There was a bug related to improving the 404 error page in a project called Input. I had never heard of the project before and only knew the popular Mozilla projects like Firefox, Thunderbird, Firefox OS. Still I decided to give it a try since the project was built using the Django web framework which I have used for my projects.

Firefox Input

I read the bug report and the comments and could see from the history that a lot of people took up the bug to work on, but never completed it. It was a mentored bug and Will Kahn-Greene, working for Mozilla, (whom I had known earlier as the person behind pyvideo.org) was the mentor. He had requested interested developers to contact him on #input channel on Mozilla’s IRC network.

Will Kahn-Greene
Will Kahn-Greene

I contacted him only to find that someone else had started working on the same bug a few days back. Will told me more about mentored bugs and how to find them. With his help, I browsed through the list of mentored and simple bugs in the Input project and picked up a bug that appeared easy to solve.

At that point, I didn’t even know what the project was about and hadn’t read its wonderful documentation. Once Will pointed me to it, I started reading immediately. I came to know that ‘Fjord’ is the software that runs Mozilla Input (that collects actionable feedback from various Mozilla products in different states of development and offers a set of analysis methods for looking at the resulting data). I had to setup the dev environment virtual machine using Vagrant (which I had only heard about before). I read the steps mentioned in the ‘Getting Started’ section of the docs and completed the setup, understanding each step in detail.

firefox-happy-sadWhen I was about to start assessing the code changes to be made, I saw that the VM was running Ubuntu 13.10 which had already reached end-of-life. I informed Will that I will fix it to use the LTS version of Ubuntu which is supported for 5 years from the time of its release. After reading up a little bit on Vagrant and with Will’s help, I made the fix and verified it. Will immediately reviewed my pull request and merged my first non-trivial contribution to any open source software that I had not developed.

Will encouraged me to help with other dev environment related bugs which some times involved just testing if things work. Slowly I was able to fix more issues surrounding the dev environment and even provide Will a few ideas in resolving some longstanding ones. Despite the encouraging beginning, I got distracted after about a fortnight and drifted off. It wasn’t until the beginning of this month that I regained some focus and wanted to contribute again to Fjord.

Will, as welcoming and encouraging as ever, helped me with fixing more bugs related to the development environment. Though Python and Django were the reasons that led me to Fjord, it wasn’t until 10+ merged commits that I even wrote a single line of Python 🙂 In the past week, I hung out on #input every night and informed Will regarding the things I wanted to work on. Then I did the code changes and sent pull requests. Will patiently reviewed all my changes and merged them. Whenever there were issues with my code, he helpfully suggested ways to fix them.

I wanted to continue doing this every day for as long as I could, but with Will’s year-end vacation coming up, I had to pause my contributions till the beginning of the next year. So I am eagerly waiting for the new year! 🙂

I have the annual year-end vacation from Christmas to New year and I intend to use some time to plan the work to be done in Fjord and also my own Xpens.

Whatever contributions that I have been able to make, I have to thank Will for being a tireless and enthusiastic mentor in spite of having his plate full. He has always encouraged and mentored me. He has nothing but praise for those who want to contribute to Fjord (case in point – see this and this). Without him, none of this would have been possible. I am glad and grateful to have such a great mentor! I hope to continue in the same vein and do much more and make a difference.

I hope my story inspires many more people to contribute to open source projects!

Staying in touch

rsz_handsWhen I was on Facebook, I was getting to know what was happening in the lives of a lot of friends and acquaintances. I wouldn’t say I was in touch with all of them as they were just sharing updates with me and posting comments only because I was on Facebook. It wasn’t like most of them really cared about staying in touch with me and I would have been hell-banned like I am now as I am out of Facebook.

A lot of my friends whom I try to be in touch with, still share their updates only on Facebook and often I end up having to ask them offline to share stuff with me like the pictures of their wedding, trip photos and etc. But this doesn’t bother me at all as I still know how to get hold of them.

These days I am asked often, “Are you on WhatsApp? Why not? It’s cool and the happening thing right now. You’re missing out on a lot of fun. So and so is on WhatsApp and we all had a fun group chat”. Really? Do I really have to bother myself into signing up for yet another messaging/communication platform just to stay in touch with most people who don’t care? Do you people keep talking with everyone on your contact list on the next happening messenger app? I guess not. With Facebook now acquiring WhatsApp, I wouldn’t think of going anywhere near it. I am content to be using just my Gmail account to communicate via chat and email with people and it suits me just fine. I am sure that if you really care about me, you won’t mind taking that extra bit of effort to get in touch with me and I will be glad about that.

These days, the rate at which the “happening things” happen is getting ridiculous to say the least. I don’t want to bother about getting myself into each of those glorified silos that lock-in and keep out people not inside it. A popular saying on the internet goes “When something is given to you for free, you are the product being sold” but nowadays it has become “Even when you pay and buy something, you are the product being sold”. Why should I sell myself just to keep getting spam from people whom I don’t care about? Those whom I care about and vice-versa, I am already in touch. Wanna get in touch with me, contact me wherever I am on the internet – my blog, Gmail, Twitter, Identi.ca, Diaspora and so on. Even a quick Google search on my name will be of help in finding ways to contact me.

Looking forward to getting in touch with a lot more people who care. 🙂

Update (17 Nov 2014) – I have succumbed to the pressure from friends and relatives and agreed to try out WhatsApp for a few months since it is the only way to reach most of them easily.

Feet off the ground

feet_off_the_groundIn the past month, I have had my feet off the ground for most of the time. I got married to my sweetheart, we had our first air travel, we celebrated our honeymoon at Taj Mahal just a day off Valentine’s day, getting our own 2-wheeler which has given me my precious first full-time driving experience (though I have a valid driving license 😉 ), booking our own flat near my office. Let me ride this wave of happiness as long as it lasts 🙂

 

A dream of 10 years

I cannot just say it was a dream come true. It was a dream of 10 years. A tree we both had planted as a sapling and nurtured for. Even now, it feels too good to be real. We both kept asking each other “Has it sunk in for you?” and the answer was and is still no. It’s the reality of taking up the responsibilities and managing both office and home that’s keeping my feet on the ground.

It was a journey that had literally everything – Happiness, sadness, anger, joy, love, fights, heart breaks, life altering decisions, commitments, problems, solutions and what not! You name and we had it in our relationship. Yes, love is not just a fairy tale. It takes a lot to keep it up and I learned that well.

After so many twists and turns in my story, there was the day. Finally! Feb 9, 2014. I couldn’t sleep the previous night due to a lot of factors – tension due to the thriller adventure my marriage story took and excitement that the big day was just hours away being the major ones. My friends forced me to sleep saying that I should get some beauty sleep and finally I dozed off. The day arrived in a swirl and swept me off. I got ready and came to the temple which was the marriage venue. I was so restless since I had arrived before him and I didn’t take my eyes away from the entrance. Only when I saw him, my lips curved and the smile came out. The one that reached from my heart to my eyes.

After that everything went so fast and before we could realize, he had tied the mangalyam around my neck. After that nothing mattered to me, everything went in a fit of emotions and blur. I didn’t care, I couldn’t even if I tried. The only thought in my mind was “We have done it.”. The marriage being a simple ceremony helped in many ways since the tediousness was reduced to a great extent and we were still fresh for the grander reception which followed a short while after.

The trip to Delhi and Agra was indeed a romantic one with a visit to the Taj Mahal being the heights of it 😉 Now being back to Bangalore and having joined office, the routine work and added responsibilities have brought us back from the clouds. Still, everyday I wake up with a smile, knowing that I am with him. Good or bad, we are in it together and that’s exactly what we wanted for the rest of our lives.

Here’s a peek into the biggest day of my life! 🙂

IMG_20140209_064741

IMG_6063
Until later 🙂