Setting up Synergy 1.8.8 with SSL on OS X El Capitan as the server and Ubuntu 16.04 as the client

Synergy is a free and open source software (licensed under GPLv2) for sharing one keyboard and mouse between multiple computers. The source is hosted here on GitHub and the Synergy website provides compiled, installable releases with support for SSL encryption for a fee.

At work, I have a Macbook Pro laptop running OS X El Capitan and an Ubuntu 16.04 desktop connected to a monitor which I use daily. Working on two separate computers at the same time is laborious and thanks to Hiemanshu, I came to know about Synergy.

Eager to try it out, I built it from source after patching (to use the Qt installed on my Macbook using Macports) and with minimal configuration, I was able to get it to work. But since my computers were connected to the corporate network, I did not want my keystrokes to be sent through the network in plaintext. So till today, I used an SSH tunnel between my Macbook acting as the server and the Ubuntu desktop acting as a client. It was a little bit inconvenient having to setup the SSH tunnels every time and I didn’t want to use something like autossh.

Imho, in the post-Snowden era, any software sending sensitive plaintext data through the network is broken by design. Since Synergy is free software, I was hoping to patch it to allow SSL communication without requiring a license. With some help from the comments and pull requests on the Synergy GitHub repository and some additional tweaking, I was able to build Synergy 1.8.8 with support for SSL irrespective of the licensing status.

The following details of how I managed to do it are primarily for my reference and I am sharing it on my blog in the hope that it might be useful for others as well. That said, Synergy is a very useful free/libre software and I recommend purchasing a license to support the development. One of the Synergy developers has committed to enable SSL communication by default in the 2.0 version.

Steps to be followed on OS X El Capitan

  • Clone the Synergy GitHub repository from  and checkout the 1.8.8-stable branch
  • Apply this patch to fix the Qt related paths and also to enable SSL without license check. For Qt installed without using Macports, tweak the frameworkRootDir variable in the patch to point to the correct directory. Also tweak the path to the Info.plist to point to a valid path.
  • If the Mac OS X 10.11 SDK is not present under the /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs directory, Download it from this GitHub repository and copy it to that directory.
  • Install the dependencies of Synergy (cmake, qt5) using Macports.
  • Navigate to the top-level directory of the repository and run ./hm.sh conf -g2 --mac-sdk 10.12 --mac-identity ElCapitan where the current OS is El Capitan and the available default Mac OS X SDK is 10.12. Modify the parameters based on the available SDKs and the OS version.
  • After the previous command completes without errors, run ./hm.sh build to start the build process.
  • To create a Mac app, run ./hm.sh dist mac.
  • The Synergy.app is available under bin/Release/Synergy directory. Drag and drop it to the /Applications directory.
  • Create the SSL certificate needed by the Synergy server by running the following commands
    mkdir -p ~/.synergy/SSL/Fingerprints
    openssl req -x509 -nodes -days 365 -subj /CN=Synergy -newkey rsa:1024 -keyout ~/.synergy/SSL/Synergy.pem -out ~/.synergy/SSL/Synergy.pem
    openssl x509 -fingerprint -sha1 -noout -in ~/.synergy/SSL/Synergy.pem > ~/.synergy/SSL/Fingerprints/Local.txt
    mkdir -p ~/Library/Synergy/SSL/.
    cp ~/.synergy/SSL/Synergy.pem ~/Library/Synergy/SSL/.
    sed -e "s/.*=//" -i ~/.synergy/SSL/Fingerprints/Local.txt
    
  • Enable Accessibility permissions for the Synergy app from the Security and Privacy dialog under System Preferences.
  • Start the Synergy app and run it as a server. The app window should indicate that SSL is turned on and the logs should not have any errors.

Steps to be followed on Ubuntu 16.04

  • Clone the Synergy GitHub repository from  and checkout the 1.8.8-stable branch.
  • Apply this patch to fix the Qt related paths (not needed on Ubuntu) and also to enable SSL without license check.
  • Install the dependencies by running the following command
    sudo apt-get install cmake make g++ xorg-dev libqt4-dev libcurl4-openssl-dev libavahi-compat-libdnssd-dev libssl-dev libx11-dev
    
  • Navigate to the top-level synergy repository directory and run
    ./hm.sh conf -g1; ./hm.sh build; ./hm.sh; ./hm package deb
    

    This builds Synergy and creates a .deb package file under the bin directory.

  • Install the .deb file using dpkg.
  • Start the Synergy app from the Unity launcher (or alternatively using its full path).
  • Configure it as a client and set the server address to that of the computer running the server.
  • The app will display the server’s certificate fingerprint with a prompt to trust or reject it. Trust the fingerprint after carefully verifying it. If there are any errors with the server fingerprint or trusting it, copy the Local.txt file generated on the server and save it under ~/.synergy/SSL/Fingerprints and restart the client.

References:

Getting rid of Truecaller from Cyanogen OS 12.1

Cyngn has struck a deal with TrueCaller to integrate it with the default dialer app on Cyanogen OS 12.1. For a privacy-conscious person like me, it was totally unacceptable given the notorious reputation of TrueCaller. Read this post on XDA-Developers for more details.

Cyngn Logo

TrueCaller Logo

 

 

 

 

Here is how I got rid of TrueCaller. Before installing the OTA on my OnePlus One, I turned off mobile data and Wi-Fi so that I could prevent any internet access till I removed TrueCaller. The phone rebooted after installing the Cyanogen OS 12.1 OTA update (which has been pulled due to some issues at the time of writing this). Immediately after that, I opened the dialer and was prompted to enable TrueCaller. I refused it by selecting Not Now.

TrueCaller opt-in dialog

I also went into the settings menu of the dialer app to make sure there was nothing related to TrueCaller enabled by default. All this just disables TrueCaller but does not remove it entirely. Read on if you want to completely remove it.

Since the TrueCaller app does not show up in the App Drawer, go to Settings ? Apps ? All and scroll down to the TrueCaller Service app. Tap on it and uninstall it from the App Info page that shows up.

Uninstall TrueCaller App

Now your phone should be free of TrueCaller and its privacy issues. If you go to the settings menu of the dialer app, you can verify that there are no settings related to TrueCaller.

This should work for any device for which Cyanogen OS 12.1 is released.

In case you have a change of mind after doing this and want to reinstall TrueCaller, you can do that by navigating to /system/vendor/bundled-app/TrueCaller folder using the File Explorer app and installing the APK that is there. The /system/vendor/bundled-app/ folder contains the APK files for all the other pre-loaded (but removable) apps like Boxer, Browser as well.

Hope this helps 🙂

Enabling captive portal detection in GNOME 3.14 on Debian Jessie

GNOME 3.14 supports captive portal handling but it is not enabled by default in Debian Jessie probably due to the privacy concerns. To enable it, create a file /etc/NetworkManager/conf.d/20-connectivity-debian.conf with the following content:

[connectivity]
uri=http://network-test.debian.org/nm
response=NetworkManager is online
interval=300

Then restart NetworkManager using the command service network-manager restart as root user (or use sudo if your non-root user has sudo privileges). Once this is done, whenever you connect to a network with a captive portal, GNOME will automatically open the captive portal login page where you can login to get access to the internet. Please note that the requests to the connectivity test URL could be logged and be aware of its privacy implications though no personally identifiable information is sent.

This is very helpful for me since my ISP ACT Fibernet requires its users to login to its captive portal before allowing internet access. Hope this is helpful for others. The configuration given above tries to reach the specified URL once every 300 seconds and tries to open the captive portal login page if it is not reachable. This could cause the NetworkManager applet to try opening the login page if there are any issues with the internet connectivity. So feel free to tweak the interval according to your needs.

Disabling automatic download of software updates in GNOME 3.14 on Debian Jessie

GNOME Software application automatically downloads the packages to be updated and presents a notification in the notification area. It might be a good idea to disable it avoid excessive data usage on metered internet connections.

To do it from the command-line

$ gsettings set org.gnome.software download-updates false

Or open dconf-editor and navigate to

org -> gnome -> software

and unselect this key

download-updates

My contributions to Mozilla Input

 

Apart from writing Free/Libre Open Source Software, I have tried to contribute to existing ones whenever I can – mainly in the form reporting bugs, fixing documentation errors and so on. But I have always had the dream of making non-trivial contributions in addition to what I have been doing. In pursuit of that dream, I have been searching websites like OpenHatch for projects to contribute to, without finding a good starting point.

A few months back, I read somewhere (could be Hacker News, Planet Python or one of the many open source Planet feeds that I am subscribed to) about how the author made his first contribution to a Mozilla project. That inspired me to try and do something similar. So I went to the Bugs Ahoy website linked to from that article.

These days, almost all the code I write has been in Python and more often than not involves web development with Django. So I filtered the bugs using the criteria “Python” and “Simple bugs”. I looked at the summary of the listed bugs and tried to assess if I could fix any of them. There was a bug related to improving the 404 error page in a project called Input. I had never heard of the project before and only knew the popular Mozilla projects like Firefox, Thunderbird, Firefox OS. Still I decided to give it a try since the project was built using the Django web framework which I have used for my projects.

Firefox Input

I read the bug report and the comments and could see from the history that a lot of people took up the bug to work on, but never completed it. It was a mentored bug and Will Kahn-Greene, working for Mozilla, (whom I had known earlier as the person behind pyvideo.org) was the mentor. He had requested interested developers to contact him on #input channel on Mozilla’s IRC network.

Will Kahn-Greene
Will Kahn-Greene

I contacted him only to find that someone else had started working on the same bug a few days back. Will told me more about mentored bugs and how to find them. With his help, I browsed through the list of mentored and simple bugs in the Input project and picked up a bug that appeared easy to solve.

At that point, I didn’t even know what the project was about and hadn’t read its wonderful documentation. Once Will pointed me to it, I started reading immediately. I came to know that ‘Fjord’ is the software that runs Mozilla Input (that collects actionable feedback from various Mozilla products in different states of development and offers a set of analysis methods for looking at the resulting data). I had to setup the dev environment virtual machine using Vagrant (which I had only heard about before). I read the steps mentioned in the ‘Getting Started’ section of the docs and completed the setup, understanding each step in detail.

firefox-happy-sadWhen I was about to start assessing the code changes to be made, I saw that the VM was running Ubuntu 13.10 which had already reached end-of-life. I informed Will that I will fix it to use the LTS version of Ubuntu which is supported for 5 years from the time of its release. After reading up a little bit on Vagrant and with Will’s help, I made the fix and verified it. Will immediately reviewed my pull request and merged my first non-trivial contribution to any open source software that I had not developed.

Will encouraged me to help with other dev environment related bugs which some times involved just testing if things work. Slowly I was able to fix more issues surrounding the dev environment and even provide Will a few ideas in resolving some longstanding ones. Despite the encouraging beginning, I got distracted after about a fortnight and drifted off. It wasn’t until the beginning of this month that I regained some focus and wanted to contribute again to Fjord.

Will, as welcoming and encouraging as ever, helped me with fixing more bugs related to the development environment. Though Python and Django were the reasons that led me to Fjord, it wasn’t until 10+ merged commits that I even wrote a single line of Python 🙂 In the past week, I hung out on #input every night and informed Will regarding the things I wanted to work on. Then I did the code changes and sent pull requests. Will patiently reviewed all my changes and merged them. Whenever there were issues with my code, he helpfully suggested ways to fix them.

I wanted to continue doing this every day for as long as I could, but with Will’s year-end vacation coming up, I had to pause my contributions till the beginning of the next year. So I am eagerly waiting for the new year! 🙂

I have the annual year-end vacation from Christmas to New year and I intend to use some time to plan the work to be done in Fjord and also my own Xpens.

Whatever contributions that I have been able to make, I have to thank Will for being a tireless and enthusiastic mentor in spite of having his plate full. He has always encouraged and mentored me. He has nothing but praise for those who want to contribute to Fjord (case in point – see this and this). Without him, none of this would have been possible. I am glad and grateful to have such a great mentor! I hope to continue in the same vein and do much more and make a difference.

I hope my story inspires many more people to contribute to open source projects!

Staying in touch

rsz_handsWhen I was on Facebook, I was getting to know what was happening in the lives of a lot of friends and acquaintances. I wouldn’t say I was in touch with all of them as they were just sharing updates with me and posting comments only because I was on Facebook. It wasn’t like most of them really cared about staying in touch with me and I would have been hell-banned like I am now as I am out of Facebook.

A lot of my friends whom I try to be in touch with, still share their updates only on Facebook and often I end up having to ask them offline to share stuff with me like the pictures of their wedding, trip photos and etc. But this doesn’t bother me at all as I still know how to get hold of them.

These days I am asked often, “Are you on WhatsApp? Why not? It’s cool and the happening thing right now. You’re missing out on a lot of fun. So and so is on WhatsApp and we all had a fun group chat”. Really? Do I really have to bother myself into signing up for yet another messaging/communication platform just to stay in touch with most people who don’t care? Do you people keep talking with everyone on your contact list on the next happening messenger app? I guess not. With Facebook now acquiring WhatsApp, I wouldn’t think of going anywhere near it. I am content to be using just my Gmail account to communicate via chat and email with people and it suits me just fine. I am sure that if you really care about me, you won’t mind taking that extra bit of effort to get in touch with me and I will be glad about that.

These days, the rate at which the “happening things” happen is getting ridiculous to say the least. I don’t want to bother about getting myself into each of those glorified silos that lock-in and keep out people not inside it. A popular saying on the internet goes “When something is given to you for free, you are the product being sold” but nowadays it has become “Even when you pay and buy something, you are the product being sold”. Why should I sell myself just to keep getting spam from people whom I don’t care about? Those whom I care about and vice-versa, I am already in touch. Wanna get in touch with me, contact me wherever I am on the internet – my blog, Gmail, Twitter, Identi.ca, Diaspora and so on. Even a quick Google search on my name will be of help in finding ways to contact me.

Looking forward to getting in touch with a lot more people who care. 🙂

Update (17 Nov 2014) – I have succumbed to the pressure from friends and relatives and agreed to try out WhatsApp for a few months since it is the only way to reach most of them easily.

Feet off the ground

feet_off_the_groundIn the past month, I have had my feet off the ground for most of the time. I got married to my sweetheart, we had our first air travel, we celebrated our honeymoon at Taj Mahal just a day off Valentine’s day, getting our own 2-wheeler which has given me my precious first full-time driving experience (though I have a valid driving license 😉 ), booking our own flat near my office. Let me ride this wave of happiness as long as it lasts 🙂

 

Two years without Facebook

I completed 2 years without having a Facebook account a couple of days back on my birthday. I wouldn’t say the experience was perfect, but still it did me more good than bad. A lot of people use Facebook under the guise of staying in touch with a lot of people, but do they actually stay in touch with people through Facebook? I don’t think so. The stream of updates on Facebook is heavily clogged by photos, videos, messages from apps and meaningless likes from people whom you just know and nothing more. And more often than not, knowing about the lives of other people via Facebook often unleashes bouts of depression caused by comparing our lives to theirs based on whatever they have posted, however true or false that maybe. I am glad to be free from such emotional baggage. I also believe that connecting with people in real life does more good than pretending to do so on pseudo-social networks.

Often, the fact that it is a social network and you are not talking to people in person, makes you say things that you would never say in person. Apart from that, it takes a lot of effort to filter out just the content you want to read. Previously when I was on Facebook, there used to be a “Status updates” filter which used to filter and show just the status updates from people. But that was removed after some time and Facebook started to use various algorithms to determine what content to show me and what I would like to read. Unfortunately the intersection was almost always empty for me. As Facebook never deletes anything, all my activities on the site can always be traced back to me. Right to be forgotten is very important to me. So I am glad I quit Facebook.

Since the primary revenue for Facebook is via advertising, it is always trying to find more about users to show them targeted ads. As a result of this, Facebook wants to be everywhere on the internet trying to track all your online activity which in my humble opinion is nothing short of stalking. Even if you don’t have a Facebook account, all the information is associated with a shadow account which will be merged with your account if and when you create one on Facebook. I don’t want to give them any of my data any more. I use browser plugins to block all Facebook social content and other forms of tracking. If someone who knows me really wants to share something with me, it is very easy to find ways to get in touch with me instead of just broadcasting on Facebook and hoping that I see it. I am very active on Gmail chat and prefer having one on one conversations with people once in a while.

You might be thinking that Google is as evil and it makes no sense for me to ditch Facebook and use Google’s suite of products where you are the product being sold. I totally agree with that point and I have thought about self-hosting those services on my server using something like Sovereign, but I haven’t managed to find the time and motivation to get it done. Google has made such a move a bit more difficult by abandoning XMPP federation which means people using their own XMPP chat servers cannot communicate with the users using Google’s chat. Since I have been unable to abandon Gmail, I am fairly active on Google+ for now. I don’t like how Google is forcing it on all users with Google accounts.

Google+ is fast becoming the omni-present evil that wants to know more and more about your activities. The latest in the series of moves in that direction is the compulsion of using real names with all Google accounts and using +1’s of users and showing them as advertisements/recommendations with their photograph to other users. To mitigate it, I try to use Google search engine in private browsing mode without being logged into any of Google’s services whenever I can.

Having an Android device gives Google a lot more chance to mine data about my life, but I am doing my best to avoid it by using Cyanogenmod and its Privacy Guard. I did try to use my phone without any of Google’s apps, but had to give up due to the need to install a few apps which are found only on the Google Play Store. Being very paranoid about installing any app on my phone and denying it the permissions it doesn’t need has helped a bit, but it is not fool-proof.

You might also find me active on Twitter. I believe Twitter at least tries to be a social network and with the 140-character limit on messages, there is not as much spam as in Facebook. I have a lot of friends on Twitter (still just a fraction of the number of friends I had on Facebook) who do post a lot of content that I find interesting to follow. While I also use Libre alternatives like Diaspora, StatusNet, Pump.io, I don’t have my friends there and with not a lot of people there on those social networks, they often end up being ghost towns.

Services like Snapchat, Instagram, WhatsApp have become the latest fad and they have a large number of users using them with the smartphone boom. While the ideas behind those services might be unique and trendy, they have a dodgy track record and privacy terms. Snapchat provides a way to send ephemeral picture messages to other users of the service, but do we know for sure that Snapchat isn’t archiving all the messages sent using its platform and selling them to advertisers? Isn’t it creepy what they could do with all the data? WhatsApp has had known security and privacy issues (like uploading the address books of users to their servers) for a long time and still people use it because they just want to appear trendy and don’t care enough to appreciate the harm.

When I talked to one of my school friends a few days back, he told me that a lot of our classmates were having a fun group conversation on WhatsApp. While that made me feel bad about missing on getting in touch with classmates, I was never going to get tempted to install such a thing and use it. For the sake of my privacy, I consider it a reasonable sacrifice to miss out on all first-hand conversations and get to know about them late from someone who participated.

If you are someone who cares about privacy, do consider quitting the use of privacy-invading social networks and mobile apps. I know that it could be very difficult for most people, but at least give it a try, If you are skilled enough, you can even try creating open source alternatives based on open standards. While you might face failures initially, remember that every long journey starts with the first few steps forward and don’t give up.