
CyanogenMod – Android based OS

Just like a PC can run different operating systems (Windows, Linux, OS X, etc.) or different versions of the same operating system (Windows XP, Windows Vista, Windows 7, etc.), most smartphones can run different versions of the operating system they were made for and, in exceptional cases, may even run operating systems they weren't made for. In general, however, an Android phone will only run a version of Android, while an iPhone will only run a version of iOS. The operating system determines the functions and features available on your device, such as keyboards, WAP, synchronization with applications, e-mail, text messaging and more. The mobile operating system also determines which third-party applications can be used on your device.
Android, an OS based on the Linux kernel and currently developed by Google, has become the leading smartphone OS in the world today. It has the largest installed base worldwide on smartphones; in fact it is the most popular operating system for general-purpose computers, running on literally hundreds of devices including smartphones and tablets. With multiple new releases each year, the operating system is continuously evolving.

Android has an active community of developers and enthusiasts who use the Android Open Source Project (AOSP) source code to develop and distribute their own modified versions of the operating system. These community-developed releases often bring new features and updates to devices faster than through the official manufacturer/carrier channels, with a comparable level of quality; provide continued support for older devices that no longer receive official updates; or bring Android to devices that were officially released running other operating systems.

The most popular Android flavor is CyanogenMod, a custom ROM developed by the CyanogenMod community that does not include any proprietary apps (users have the option to install such apps later if they wish).

About one or two times a year, the vanilla Android operating system (known as AOSP, the Android Open Source Project), which is developed internally by Google, is released to the public: Google provides the source code to anyone who wants to download it. The CyanogenMod community, comprised mostly of unpaid volunteers and enthusiasts from around the world, takes this newest Android code and "ports" it to dozens of new and older devices.
Right now there are several active versions of CyanogenMod, each built on a different release of the Android OS.
Starting from CyanogenMod 7 (based on Android 2.3 Gingerbread), the best-known iteration of CyanogenMod, the following versions have appeared:

  • CyanogenMod 8 (based on Android Honeycomb);
  • CyanogenMod 9 (based on Android 4 Ice Cream Sandwich);
  • CyanogenMod 10 (based on Android 4.1 Jelly Bean);
  • CyanogenMod 11 (based on Android 4.4 KitKat; initiated on the 6th of November 2013);
  • CyanogenMod 12 (based on Android 5.0.1 Lollipop).

Similar to many open source projects, CyanogenMod is developed using a distributed revision control system with the official repositories being hosted on GitHub. Contributors submit new features or bugfix changes using Gerrit, a free, web-based team code collaboration tool. Contributions may be tested by anyone, voted up or down by registered users, and ultimately accepted into the code by one of a handful of CyanogenMod developers.

In January 2015, it was reported that Microsoft had invested in Cyanogen, and that this might be part of a strategy to create an Android version that worked well with Microsoft platforms. It’s important to understand that, through the application of patent wars and intellectual property rights, Microsoft earns royalty fees on most Android phones sold. (In 2013 alone, they earned $1 billion from royalties on Samsung phone sales). It has been said that in a near future version of Cyanogen OS the two companies will work together to offer a “unique experience” for Cyanogen users with native integration. The Microsoft apps being included in Cyanogen OS will be removable (fully removable, not just able to be disabled). Users can uninstall those apps and use whatever they want as their default.

Why you should use CyanogenMod

  • It has daily updates, so you receive security updates and bug fixes more frequently.
  • It gives you more control over your privacy and application permissions.
  • Amazing themes are perhaps one of the most impressive things CyanogenMod offers: using its integrated theme engine, the entire look and feel of your OS can be changed.
  • The "Global Blacklist" feature enables users to block unwanted and annoying calls and messages, either by blocking them completely or by just ignoring the alerts for a while.
  • The Quick Settings Ribbon lets you embed quick toggles in your notification drawer for any of your useful apps. You can also customize the layout of your quick settings.
  • You can also customize the status bar and add new behaviors (for example, set an alarm by just tapping the time, or open your calendar by tapping the date).
  • The built-in Superuser screen integrates root permissions into Android's Settings screen.
  • Turn the screen off by tapping twice on the status bar (or tapping twice on the lock screen pattern).
  • You can control everything; you don't have the limited access to many features that you have in stock Android (you can control brightness, wallpapers, rotation, notification lights and remote displays as you want).
  • The lock screen can be customized further to increase your productivity: you can access your apps directly from the lock screen, and a lot of useful information is displayed at first glance.
  • Better performance with the built-in CPU control.
  • Quick reply for SMS.
  • No bloatware: you can uninstall any app that is not suitable for you.
  • Better RAM, resource and memory management, since it doesn't include the many often-buggy apps that manufacturers include by default.
  • Advanced gestures: draw a circle on the phone's screen while it's in standby and the camera will launch. When music is playing, a two-fingered vertical swipe will play/pause the audio, and left/right arrows drawn will switch tracks. The most unusual, though, is that drawing a V will turn the LED torch on.

Why you should not use CyanogenMod

  • By installing CyanogenMod you introduce new security risks, so be extra careful with the permissions you grant applications.
  • Some mobile brands may offer a limited or voided warranty after CyanogenMod is installed on their devices.
  • Stability issues may arise on some devices, especially ones that are not mainstream.
  • Non-stock firmware may contain malicious code, so always download custom ROMs from trusted sources.

Conclusion

CyanogenMod will be the official operating system of the Chinese OnePlus One smartphone, a choice the company made even before "hardware was even planned or engineering units were produced." CyanogenMod will be the default Android-based operating system on the OnePlus One, and will be supported for two years. Furthermore, OnePlus has already shared many specs for the device, revealing that pricing will start at less than $400 for the handset. The phone, released in 2014, has been available only to consumers who received invites and those who jumped on limited sales events since its launch.
I highly recommend that you research the state of CyanogenMod support for your device before making the jump (you can find a list of officially supported CyanogenMod devices here). CyanogenMod may not be the appropriate custom ROM for your device; on some devices it is still unstable.

Amazon CloudWatch Monitoring Scripts

How standard monitoring works in EC2

When it comes to monitoring EC2 instances, we have to keep in mind that an instance in the cloud is not an actual single computer, but a virtual machine running alongside some siblings on a bigger host, which runs the virtualization solution, or hypervisor. Specifically, AWS uses a customized version of the Xen hypervisor.
CloudWatch relies on the information provided by this hypervisor, which can only see the most hardware-sided part of the instance's status: CPU usage (but not load), total memory size (but not memory usage), the number of I/O operations on the disks (but not their partition layout or space usage) and network traffic (but not the processes generating it).
While this can be seen as a shortcoming on the hypervisor's part, it is actually very convenient in terms of security and performance; otherwise the hypervisor would be an all-seeing eye, with more powers than the root user itself.

How to monitor key elements of an EC2 instance

By default, CloudWatch only sees what the hypervisor is able to see. Luckily, CloudWatch accepts inputs from sources other than the hypervisor. This is what enables CloudWatch to monitor details of RDS instances (such as replica lag) or the depth of an SQS queue, and it is available to the end user under the label "Custom metrics".
We're going to install a script that periodically sends our custom metrics to CloudWatch. Depending on our setup, we will have to take one of the two following approaches (an EC2 instance role, or the access keys of a dedicated IAM user):

Using IAM user-based permissions

Creating an IAM user

If we can't use EC2 instance roles, then we need to create an IAM user with the right permissions. After you create the user, assign it the following policy, which grants nothing beyond cloudwatch:PutMetricData:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1449681555000",
      "Effect": "Allow",
      "Action": ["cloudwatch:PutMetricData"],
      "Resource": ["*"]
    }
  ]
}

Please remember to write your Access and Secret Keys down.

Installing and configuring the script

Prerequisites

You must perform additional steps on some versions of Linux.

Amazon Linux AMI

Log on to your Amazon Linux AMI instance and install the following package:

sudo yum install perl-DateTime perl-Sys-Syslog perl-LWP-Protocol-https

Red Hat Enterprise Linux

To install the scripts for the first time, log on to your Red Hat Enterprise Linux instance and install the following packages:

sudo yum install perl-App-cpanminus.noarch
sudo cpanm -i Sys/Syslog.pm DateTime LWP::Protocol::https

SUSE Linux Enterprise Server

To install the scripts for the first time, log on to your SUSE Linux Enterprise Server instance and install the following packages:

sudo zypper install perl-DateTime
sudo zypper install -y "perl(LWP::Protocol::https)"

Ubuntu Server

To install the scripts for the first time, log on to your Ubuntu Server instance and install the following packages:

sudo apt-get update
sudo apt-get install unzip
sudo apt-get install libwww-perl libdatetime-perl

Getting Started

The following steps show you how to download, uncompress, and configure the Amazon CloudWatch Monitoring Scripts on an EC2 Linux instance.

To download, install, and configure the script:

Open a command prompt, move to a folder where you want to store the scripts, and then type the following: 

curl -O http://aws-cloudwatch.s3.amazonaws.com/downloads/CloudWatchMonitoringScripts-1.2.1.zip
unzip CloudWatchMonitoringScripts-1.2.1.zip
rm CloudWatchMonitoringScripts-1.2.1.zip
cd aws-scripts-mon

The CloudWatchMonitoringScripts-1.2.1.zip package contains these files:

  • CloudWatchClient.pm—Shared Perl module that simplifies calling Amazon CloudWatch from other scripts.
  • mon-put-instance-data.pl—Collects system metrics on an Amazon EC2 instance (memory, swap, disk space utilization) and sends them to Amazon CloudWatch.
  • mon-get-instance-stats.pl—Queries Amazon CloudWatch and displays the most recent utilization statistics for the EC2 instance on which this script is executed.
  • awscreds.template—File template for AWS credentials that stores your access key ID and secret access key.
  • LICENSE.txt—Text file containing the Apache 2.0 license.
  • NOTICE.txt—copyright notice.

If you aren't using an IAM role, copy the awscreds.template file you downloaded earlier to awscreds.conf and fill in the access key ID and secret access key of the IAM user you created with the policy above.

The content of this file should use the following format:

AWSAccessKeyId=YourAccessKeyID
AWSSecretKey=YourSecretAccessKey

Using the Scripts

mon-put-instance-data.pl

This script collects memory, swap, and disk space utilization data on the current system. It then makes a remote call to Amazon CloudWatch to report the collected data as custom metrics.

Examples

The following examples assume that you have already updated the awscreds.conf file with valid AWS credentials. If you are not using the awscreds.conf file, provide credentials using the --aws-access-key-id and --aws-secret-key arguments.
To perform a simple test run without posting data to CloudWatch, run the following command:

$ ./mon-put-instance-data.pl --mem-util --verify --verbose
MemoryUtilization: 18.9431700959895 (Percent)
No credential methods are specified. Trying default IAM role.
ERROR: No IAM role is associated with this EC2 instance.
For more information, run 'mon-put-instance-data.pl --help'

As the error shows, this instance has no IAM role attached, so the script needs the credential file. Supplied with --aws-credential-file, the same script reports memory, swap and disk space metrics successfully:

sudo aws-scripts-mon/mon-put-instance-data.pl --mem-util --swap-util --disk-space-util --disk-path=/ --aws-credential-file=path/to/file/aws.creds
Successfully reported metrics to CloudWatch. Reference Id: 70320792-b2e5-11e5-afc5-b72f2d5df436

To collect all available memory metrics and send them to CloudWatch, run the following command:

./mon-put-instance-data.pl --mem-util --mem-used --mem-avail

To set a cron schedule for the metrics reported to CloudWatch, start editing the crontab using the following command:

crontab -e

Add the following command to report memory and disk space utilization to CloudWatch every five minutes:

*/5 * * * * ~/aws-scripts-mon/mon-put-instance-data.pl --mem-util --disk-space-util --disk-path=/ --aws-credential-file=path/to/file/aws.creds --from-cron

If the script encounters an error, the script will write the error message in the system log.
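How the collection and reporting fit together, as an added example in Python rather than the Perl script's own code: it computes MemoryUtilization the way mon-put-instance-data.pl does by default (buffers and page cache counted as free), measures disk usage with statvfs, and builds the PutMetricData call under the System/Linux namespace. The boto3 client and the instance id are assumed inputs, and the meminfo text is a constructed sample.

```python
"""Added example (not the AWS monitoring script): compute the memory and
disk metrics that mon-put-instance-data.pl reports, and build the
PutMetricData request it sends under the System/Linux namespace."""
import datetime
import os
import re

NAMESPACE = "System/Linux"  # the prefix the CloudWatch console shows

# Constructed /proc/meminfo excerpt, values in kB.
SAMPLE_MEMINFO = """MemTotal:        2048000 kB
MemFree:         1024000 kB
Buffers:          128000 kB
Cached:           256000 kB
SwapTotal:             0 kB
SwapFree:              0 kB
"""


def parse_meminfo(text):
    """Map each /proc/meminfo field name to its value in kB."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"(\w+):\s+(\d+)\s*kB", line)
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields


def memory_utilization(meminfo):
    """Percent of RAM in use, counting buffers and page cache as free,
    which is how the AWS script computes MemoryUtilization by default."""
    total = meminfo["MemTotal"]
    used = (total - meminfo["MemFree"]
            - meminfo.get("Buffers", 0) - meminfo.get("Cached", 0))
    return 100.0 * used / total


def swap_utilization(meminfo):
    """Percent of swap in use; None when the instance has no swap
    (the script shows N/A in that case)."""
    total = meminfo.get("SwapTotal", 0)
    if total == 0:
        return None
    return 100.0 * (total - meminfo.get("SwapFree", 0)) / total


def disk_space_utilization(path="/"):
    """Percent of the filesystem holding `path` that is used, df-style:
    used / (used + available), so root-reserved blocks are not counted."""
    st = os.statvfs(path)
    used = (st.f_blocks - st.f_bfree) * st.f_frsize
    avail = st.f_bavail * st.f_frsize
    return 100.0 * used / (used + avail) if used + avail else 0.0


def build_request(instance_id, metrics, when=None):
    """Assemble the PutMetricData call body. `instance_id` is the dimension
    the console groups by; the real script reads it from the instance
    metadata service, here it is passed in (assumed input)."""
    when = when or datetime.datetime.now(datetime.timezone.utc)
    data = []
    for name, value in metrics.items():
        if value is None:          # e.g. no swap: skip rather than send 0
            continue
        data.append({"MetricName": name, "Value": value, "Unit": "Percent",
                     "Timestamp": when,
                     "Dimensions": [{"Name": "InstanceId",
                                     "Value": instance_id}]})
    return {"Namespace": NAMESPACE, "MetricData": data}


def report(client, instance_id, metrics, verify=False):
    """Post the metrics with a boto3 CloudWatch client (or any object with a
    put_metric_data(**kwargs) method). verify=True behaves like the script's
    --verify flag: build the request but do not send it."""
    request = build_request(instance_id, metrics)
    if not verify:
        client.put_metric_data(**request)  # needs only cloudwatch:PutMetricData
    return request


def collect(meminfo_text, disk_path="/"):
    """Gather the same three utilization metrics the script sends."""
    meminfo = parse_meminfo(meminfo_text)
    return {"MemoryUtilization": memory_utilization(meminfo),
            "SwapUtilization": swap_utilization(meminfo),
            "DiskSpaceUtilization": disk_space_utilization(disk_path)}


if __name__ == "__main__":
    with open("/proc/meminfo") as fh:
        live = fh.read()
    print(report(None, "i-example", collect(live), verify=True))
```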

mon-get-instance-stats.pl

This script queries CloudWatch for statistics on the memory, swap, and disk space metrics over the number of most recent hours you specify. The data is for the Amazon EC2 instance on which the script is executed.

Examples

To get utilization statistics for the last 12 hours, run the following command:

./mon-get-instance-stats.pl --recent-hours=12

The returned response will be similar to the following example output:

Instance metric statistics for the last 12 hours.
CPU Utilization
Average: 1.06%, Minimum: 0.00%, Maximum: 15.22%
Memory Utilization
Average: 6.84%, Minimum: 6.82%, Maximum: 6.89%
Swap Utilization
Average: N/A, Minimum: N/A, Maximum: N/A
Disk Space Utilization on /dev/xvda1 mounted as /
Average: 9.69%, Minimum: 9.69%, Maximum: 9.69%

Viewing Your Custom Metrics in the AWS Management Console

If you successfully call the mon-put-instance-data.pl script, you can use the AWS Management Console to view your posted custom metrics in the Amazon CloudWatch console.
To view custom metrics:

  1. Execute mon-put-instance-data.pl, as described earlier.
  2. Sign in to the AWS Management Console and open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/.
  3. Click View Metrics.
  4. In the Viewing list, your custom metrics posted by the script are displayed with the prefix System/Linux.

SFTP via cygwin on Win Server 2012

I recently had to create an SFTP server on a machine running Windows Server 2012, and after doing a little research on the topic I decided to go with Cygwin. Cygwin is essentially a utility that offers a Linux-like environment on a Microsoft Windows host. Technically, it is a DLL (cygwin1.dll) that acts as a Linux API layer, providing substantial Linux API functionality.
This tutorial will help you turn your Windows-based system into a secure FTP (SFTP) server.

1. Installing Cygwin

To install Cygwin on a Microsoft Windows host, follow these steps:

  • Go to the Cygwin website, then click Install Cygwin.
  • Download the 32-bit version (if you are running a 32-bit version of Microsoft Windows) or the 64-bit version (if you are running a 64-bit version of Microsoft Windows) of the Cygwin setup executable.
  • Run the setup executable, then click Next to proceed.

  • On the Choose Installation Type screen, select Install from Internet, then click Next.

  • On the Choose Installation Directory screen, enter C:\cygwin as the Root Directory, then click Next.

  • On the Select Local Package Directory screen, select a directory on your local machine where you want to store the downloaded installation files, then click Next.

  • On the Select Connection Type screen, select appropriate settings to connect to the internet, then click Next.

  • On the Choose Download Site(s) screen, select any site from the available list, then click Next.

  • On the Select Packages screen, ensure that you select the following packages, then click Next:
    • From the Archive category, select unzip and zip;
    • From the Net category, select openssh and openssl.
  • After selecting the packages and clicking Next, the Resolving Dependencies screen is displayed. Click Next to proceed.

  • On the Installation Status and Create Icons screen, make the necessary changes and click Finish to complete the installation process.

2. Configuring SSH

This section describes how to configure SSH and test your Cygwin setup after installing Cygwin on a host. To configure SSH and test your Cygwin setup, follow these steps:

  • After you install Cygwin, navigate to the C:\cygwin directory, open the Cygwin.bat file in an editor, and add the following line before the bash shell is invoked:

set CYGWIN=binmode ntsec

For example, here are the contents of the Cygwin.bat file after adding the above line:

@echo off
C:
chdir C:\cygwin\bin
set CYGWIN=binmode ntsec
bash --login -i

  • To verify that Cygwin (cygrunsrv) is installed properly, run C:\cygwin\Cygwin.bat as administrator and execute the following command:

cygrunsrv -h

If Cygwin is installed properly, then all the Cygwin help options are displayed on the screen. However, if this command returns an error message, then you may have to reinstall Cygwin.

  • Decide on a user account under which you want to run the sshd process. This can be Administrator or another user, but for security reasons we decided to go with a user that has fewer privileges. For these instructions, let's say you want a user called MyUser to run sshd.

$ net user                        # list all users on the system
$ mkpasswd -cl > /etc/passwd      # the passwd file must be set up before any logins can take place
$ mkgroup --local > /etc/group    # add all local groups on your computer to the group file

  • Check the existing rights of MyUser (keep a note of the output in case you need to roll back):

$ editrights -vl -u MyUser

  • Grant the additional rights that sshd needs to run as a service under this account. Note that SeTcbPrivilege and SeCreateTokenPrivilege are among the most powerful rights Windows has, so protect this account as carefully as an administrator account:

$ editrights.exe -a SeAssignPrimaryTokenPrivilege -u MyUser
$ editrights.exe -a SeCreateTokenPrivilege -u MyUser
$ editrights.exe -a SeTcbPrivilege -u MyUser
$ editrights.exe -a SeServiceLogonRight -u MyUser
$ editrights -vl -u MyUser
Listing rights for MyUser:
AssignPrimaryTokenPrivilege
SeCreateTokenPrivilege
SeTcbPrivilege
SeServiceLogonRight
Done!

  • To configure the sshd service, run C:\cygwin\Cygwin.bat and execute the following command:

ssh-host-config

After running the command, you are prompted with the following questions:

*** Query: Should StrictModes be used? (yes/no) yes
*** Query: Should privilege separation be used? (yes/no)yes
*** Query: new local account 'sshd'? (yes/no)yes
*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []binmode ntsec
*** Info: This script plans to use 'cyg_server'.
*** Info: 'cyg_server' will only be used by registered services.
*** Query: Do you want to use a different name?(yes/no)

At this point, if you want to use the same name, that is cyg_server, enter no. You are then prompted with the following questions:

*** Query: Create new privileged user account 'cyg_server'? (yes/no) yes
*** Query: Please enter the password:
*** Query: Renter:

However, if you want to use a different name, enter yes. You are then prompted with the following questions:

*** Query: Do you want to use a different name? (yes/no)yes
*** Query: Enter the new user name:MyUser
*** Query: Reenter: MyUser
*** Query: Create new privileged user account 'WorkstationName\MyUser' (Cygwin name: '
WorkstationName+MyUser')? (yes/no)yes
*** Info: Please enter a password for new user WorkstationName+MyUser. Please be sure
*** Info: that this password matches the password rules given on your system.
*** Info: Entering no password will exit the configuration.
*** Query: Please enter the password:
*** Query: Reenter:
*** Info: User 'WorkstationName+MyUser' has been created with password 'givenPassword'.
*** Info: The sshd service has been installed under the 'WorkstationName+MyUser'
*** Info: account. To start the service now, call `net start sshd' or
*** Info: `cygrunsrv -S sshd'. Otherwise, it will start automatically
*** Info: after the next reboot.
*** Info: Host configuration finished. Have fun!

If the configuration is successful, you will see the following message:

*** Info: Host configuration finished. Have fun!

  • Back up the c:\cygwin\etc\passwd file, then open it in any editor. It looks like this:
WorkstationName+Administrator:*:197108:197121:U-WorkstationName\Administrator,S-1-5-21-3189509142-2909541024-275296824-500:/home/Administrator:/bin/bash
WorkstationName+Guest:*:197109:197121:U-WorkstationName\Guest,S-1-5-21-3189509142-2909541024-275296824-501:/home/Guest:/bin/bash
WorkstationName+MyUser:*:197623:197121:U-WorkstationName\MyUser,S-1-5-21-3189509142-2909541024-275296824-1015:/cygdrive/d/Path/ToFolder:/bin/bash

Check that an entry for the MyUser account exists. If it doesn't, you need to add it:

Run C:\cygwin\Cygwin.bat and execute the following command:

$ mkpasswd -l -u MyUser >> /etc/passwd

  • Creating home directories for your users

In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account.

If you want to change this location you will need to edit the passwd file. The last two fields of each entry are safe to edit by hand. The second-to-last field (/home/username) can be replaced with any other directory to act as that user's home directory. It's worth noting that when you run SSH on Windows, you are actually running SSH inside a scaled-down version of Cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.

To access a folder on any drive letter, put /cygdrive/DRIVELETTER/ at the beginning of the folder path. For example, to reach the Path\ToFolder directory on the D: drive you would use the path /cygdrive/d/Path/ToFolder, as the pwd output of the two users below shows:

MyUser@WorkstationName ~
$ pwd
/cygdrive/d/Path/ToFolder
Guest@WorkstationName ~
$ pwd
/home/Guest
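Editing the home field by hand, as an added example that is neither Cygwin's nor the original post's code: it converts a Windows path to cygdrive notation, rewrites only the second-to-last field of a user's passwd entry, and flags entries that would break or misplace a login. The passwd text and SIDs are constructed.

```python
"""Cygwin /etc/passwd helpers for the SFTP setup above (added example, not
Cygwin's or the original post's code). Sample text below is constructed."""
import re

# Constructed entries in the layout shown above; the SIDs are dummies.
PASSWD = (
    "WorkstationName+Administrator:*:197108:197121:"
    "U-WorkstationName\\Administrator,S-1-5-21-0-0-0-500:/home/Administrator:/bin/bash\n"
    "WorkstationName+MyUser:*:197623:197121:"
    "U-WorkstationName\\MyUser,S-1-5-21-0-0-0-1015:/home/MyUser:/bin/bash\n"
)


def to_cygdrive(windows_path):
    """Translate 'D:\\Path\\ToFolder' into /cygdrive/d/Path/ToFolder, the
    form sshd running under Cygwin expects for a home directory."""
    m = re.fullmatch(r"([A-Za-z]):[\\/]?(.*)", windows_path.strip())
    if not m:
        raise ValueError("expected a path starting with a drive letter: %r" % windows_path)
    rest = m.group(2).replace("\\", "/").strip("/")
    base = "/cygdrive/" + m.group(1).lower()
    return base + "/" + rest if rest else base


def _short_name(name_field):
    """'WorkstationName+MyUser' -> 'MyUser' (Cygwin prefixes local accounts)."""
    return name_field.split("+", 1)[-1]


def parse_passwd(text):
    """Map each short user name to its seven passwd fields."""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # A raw Windows path such as D:\Path in the home field adds a colon
            # and shifts every field after it, which is why cygdrive form is needed.
            raise ValueError("malformed passwd line (wrong field count): %r" % line)
        users[_short_name(fields[0])] = fields
    return users


def set_home(text, user, windows_path):
    """Rewrite only the home field (second to last) of `user`'s entry, the
    field the post says is safe to edit by hand; nothing else changes."""
    new_home = to_cygdrive(windows_path)
    out, found = [], False
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and _short_name(fields[0]) == user:
            fields[5] = new_home
            found = True
        out.append(":".join(fields))
    if not found:
        raise KeyError("no entry for %s; add it with: mkpasswd -l -u %s >> /etc/passwd" % (user, user))
    return "\n".join(out) + "\n"


def check_user(text, user):
    """Return the problems that would stop or misplace an SFTP login."""
    users = parse_passwd(text)
    if user not in users:
        return ["no entry for %s; run: mkpasswd -l -u %s >> /etc/passwd" % (user, user)]
    home = users[user][5]
    problems = []
    if "\\" in home or not home.startswith("/"):
        problems.append("home %r is a Windows path; use /cygdrive/<drive>/... notation" % home)
    elif not (home.startswith("/home/") or home.startswith("/cygdrive/")):
        problems.append("home %r is outside /home and /cygdrive; check that it exists" % home)
    return problems
```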

3. Start the SSH Server

In order to start the SSH daemon, perform one of the following steps:

  • Run C:\cygwin\Cygwin.bat and execute the following command (or net start sshd):

$ cygrunsrv -S sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

  • Or go to Services, select CYGWIN sshd and click the Start button.

If the SSH daemon does not start up, view the c:\cygwin\var\log\sshd.log file for information on why the start up failed.

4. Connecting to the SFTP/SSH server

First, you can test your Cygwin setup by connecting locally from the Cygwin console:

$ ssh -l MyUser localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:/o5tzNcDWWgkk9zHz0Bu0Y65yS4Mywb6cv5Qc7XbcrI.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
MyUser@localhost's password:
Last login: Sun Nov 1 11:57:29 2015 from 172.17.1.126
MyUser@WorkstationName ~

To connect to your new SFTP server, you will need an FTP client that supports SFTP. I use FileZilla, a nice free FTP and SFTP client. You might also try WinSCP, another free SFTP client. It is important that the server you want to connect to is running SSH and that the firewall permits SSH traffic.

How to install OpenVPN server on an AWS Cloud instance

Introduction

Want to access the Internet safely and securely from your smartphone or laptop when connected to an untrusted network such as the WiFi of a hotel or coffee shop? A Virtual Private Network (VPN) allows you to traverse untrusted networks privately and securely to your AWS cloud infrastructure as if you were on a secure and private network. You can circumvent geographical restrictions and censorship, and shield your location and unencrypted HTTP traffic from the untrusted network.

OpenVPN is a full-featured open source Secure Sockets Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, we'll set up an OpenVPN server on an AWS instance and then configure access to it from Windows and Linux. This tutorial keeps the installation and configuration steps as simple as possible for these setups.

Step-by-step guide

1. Preparing the AWS (Amazon Web Services) instance:

Launch the wizard for a new instance and choose an AMI; in our case we chose CentOS 7. Also create a security group allowing communication to the instance on ports TCP 943, UDP 1194, TCP 443 and TCP 22.

By default the OpenVPN server runs two daemons: one on UDP port 1194 and another on TCP port 443. We recommend that you use the UDP port, because it works better for an OpenVPN tunnel. TCP port 943 is the port where the web server interface listens by default.

Assign IP address:

  • internal: 172.17.1.126;
  • public(Elastic IP address): x.x.x.x;
  • internal vpn pool: 172.200.1.0/24

DNS:

  • nameserver 172.17.0.2
  • nameserver 8.8.8.8
  • nameserver 4.4.4.4

Security Groups:

  • ICMP Replay
  • ssh-production
  • open-vpn allows TCP 943, UDP 1194, TCP 443 from anywhere (0.0.0.0/0)

Each EC2 instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, an OpenVPN instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the OpenVPN instance.

Select the OpenVPN instance, choose Actions, select Networking, and then select Change Source/Dest. Check.

2. Installing all the needed packages

OpenVPN isn't available in the default CentOS repositories, so we need to install the Extra Packages for Enterprise Linux (EPEL) repository.

user@machine: $ sudo yum install epel-release
user@machine: $ sudo yum install openvpn easy-rsa iptables-services tcpdump traceroute -y

3. Configure OpenVPN

The sample VPN server configuration file needs to be copied to /etc/openvpn so we can incorporate it into our setup:

user@machine: $ sudo cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
user@machine: $ sudo mkdir /etc/openvpn/keys
user@machine: $ cat /etc/openvpn/server.conf

Once copied, open server.conf in a text editor and configure the following parameters:

port 1194
proto udp
dev tun
tun-mtu 48000
fragment 0
mssfix 0
#Certificate Configuration
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
topology subnet
#a client will be assigned an IP in the private segment of the VPC
server 172.17.200.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#redirect all traffic through our OpenVPN
push "redirect-gateway def1 bypass-dhcp"
#provide DNS servers to the client
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
duplicate-cn
keepalive 10 120
# reduce the OpenVPN daemon's privileges after initialization
user nobody
group nobody
comp-lzo
persist-key
persist-tun
# logging
status openvpn-status.log
log openvpn.log
verb 3
mute 10

4. Generate Keys and Certificates

easy-rsa makes generating certificates and keys simple. First, copy the program to your configuration directory, since you will be modifying values.

user@machine: $ sudo mkdir -p /etc/openvpn/easy-rsa/keys
user@machine: $ sudo cp -rf /usr/share/easy-rsa/*/* /etc/openvpn/easy-rsa

Open the vars file for editing and change the parameters to something like this:

user@machine: $ sudo cat /etc/openvpn/easy-rsa/vars
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="SC"
export KEY_CITY="City"
export KEY_ORG="Company Name"
export KEY_EMAIL="nobody@company.com"
export KEY_OU="Company"
export KEY_NAME="server"
export KEY_CN="secure.company.com"

# avoid a known easy-rsa bug: the scripts expect a file named openssl.cnf, so copy the versioned one under that name
user@machine: $ sudo cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
user@machine: $ cd /etc/openvpn/easy-rsa

# log in as root to generate the server keys

From the /etc/openvpn/easy-rsa/ directory, first clean the directory (clean-all wipes the keys directory, so only run it on a fresh setup), then build the certificate authority (CA):

user@machine: # source ./vars
user@machine: # ./clean-all
user@machine: # ./build-ca

You will be prompted to set the CA options. Fill these in with your details, or press ENTER to accept the defaults taken from the vars file:
Country Name (2 letter code) [US]:US
State or Province Name (full name) [SC]:ENTER
Locality Name (eg, city) [City]:ENTER
Organization Name (eg, company) [Company Name]:ENTER
Organizational Unit Name (eg, section) [Company]:ENTER
Common Name (eg, your name or your server's hostname) [changeme]:vpn@example.com
Name [server]:ENTER
Email Address [secure.company.com]:ENTER

Now build the server key:

user@machine: # ./build-key-server server

Again, set the options. You do not need a password or an optional company name. Enter y to sign and commit the key:

Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: ENTER
An optional company name []: ENTER
Certificate is to be certified until Feb 5 14:40:15 2025 GMT (3650 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated

Finally, the Diffie-Hellman parameters (dh2048.pem) must be generated. This can take some time depending on the key size:

user@machine: # ./build-dh

Now that all the server keys and certificates are generated, copy them to our OpenVPN configuration directory. Keep server.key readable only by root:

user@machine: # cd /etc/openvpn/easy-rsa/keys
user@machine: # cp dh2048.pem ca.crt server.crt server.key /etc/openvpn/keys

You’re done with the server certificates! Now on to the client certificate.

5. Generating Client Certificates

Each client will also need a certificate and key in order to authenticate and connect to the OpenVPN server. Make sure you’re in the /etc/openvpn/easy-rsa/ directory.

root@machine: # cd /etc/openvpn/easy-rsa/
root@machine: # source ./vars

Run the following command, where clientname is the name you want to use for this particular client certificate:

user@machine: # ./build-key clientname

You will be prompted to enter the country name, city name, etc. again. The process is the same as for the server key generation. This is intended to be the client's information, but none of it really matters, except that the Common Name is how the server identifies the client in its logs, so keep it distinct per client.
You don't need a passphrase or company name. Enter y to sign and commit the certificate.

Certificate is to be certified until Oct 7 07:41:23 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

6. Configuring IPv4 NAT Routing

As you know, CentOS/RHEL 7 ships with firewalld instead of the iptables service. For simplicity, and because iptables is less complicated, we will not use firewalld for now and will continue with the iptables commands we used on RHEL/CentOS 5 and 6. A few systemd commands are needed to disable firewalld and enable the iptables service.


# Install the iptables service packages.

user@machine:# sudo yum -y install iptables-services

# Make sure the service starts at boot:

user@machine:# sudo systemctl enable iptables

# If you do not want ip6tables, you can skip the following command.

user@machine:# sudo systemctl enable ip6tables

# Now, finally, start the iptables service.

user@machine:# sudo systemctl start iptables

user@machine:# sudo systemctl status iptables

# If you do not want ip6tables, you can skip the following command.

user@machine:# sudo systemctl start ip6tables

We need to enable packet forwarding. This is a sysctl setting that tells the server's kernel to forward traffic from the VPN clients out through eth0; otherwise the traffic stops at the server. Enable packet forwarding by adding the following line to sysctl.conf and restarting the network service:

user@machine: $ sudo vi  /etc/sysctl.conf
net.ipv4.ip_forward = 1
user@machine: $ sudo systemctl restart network.service

Now back to iptables. Because we have already configured security groups allowing only TCP 943, UDP 1194, TCP 443 and SSH from anywhere (0.0.0.0/0), we do not need to add those rules again in the iptables firewall, but we do need a NAT rule to masquerade ("hide") the VPN pool 172.17.200.0/24 behind the server's address:


user@machine: $ sudo iptables -t nat -A POSTROUTING -s 172.17.200.0/24 -o eth0 -j MASQUERADE
user@machine: # sudo service iptables save
user@machine: # sudo cat /etc/sysconfig/iptables
user@machine: # sudo systemctl stop iptables
user@machine: # sudo systemctl start iptables
user@machine: # sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- ip-172-17-200-0.ec2.internal/24 anywhere

7. Start OpenVPN server

Enable OpenVPN to start on boot and start it now with systemctl:

user@machine: $ sudo systemctl enable openvpn@server.service
user@machine: $ systemctl start openvpn@server.service
user@machine: $ systemctl status openvpn@server.service
openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled)
Active: active (running) since Thu 2015-07-30 11:06:26 UTC; 2 days ago

Your OpenVPN server is now running.
To view the connected clients and the IP addresses leased to them, read the status log (or the main log):

user@machine: $ sudo cat /etc/openvpn/openvpn-status.log
user@machine: $ sudo cat /etc/openvpn/openvpn.log

8. Connecting a Linux client

First we need to copy the following files to the client computer (in our example we used scp, but any other secure method of copying files to your local computer works):


root@machine: $ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn
root@machine: $ cd /etc/openvpn/easy-rsa/keys
root@machine: $ scp clientname.crt clientname.key ca.crt client.ovpn username@local_computer:~/OpenVPN/client

Edit the client.ovpn file with the following values:

user@client_machine: $ vi client.ovpn
client
dev tun
tun-mtu 48000
fragment 0
mssfix 0
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca /path/to/ca.crt
cert /path/to/clientname.crt
key /path/to/clientname.key
remote-cert-tls server
comp-lzo
verb 3
mute 10

Connecting the client to the OpenVPN server:


user@client_machine: $ sudo openvpn --config /path/to/client.ovpn

Mon Oct 12 18:49:18 2015 OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
Mon Oct 12 18:49:18 2015 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Oct 12 18:49:18 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Mon Oct 12 18:49:18 2015 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Oct 12 18:49:18 2015 UDPv4 link local: [undef]
Mon Oct 12 18:49:18 2015 UDPv4 link remote: x.x.x.x.227:1194
Mon Oct 12 18:49:19 2015 TLS: Initial packet from x.x.x.x.227:1194, sid=6ef6d3d8 f29d9077
Mon Oct 12 18:49:21 2015 VERIFY OK: depth=1, C=US, ST=SC, L=Charleston, O=Company Name, OU=Company, CN=secure.company.com, name=server, emailAddress=nobody@company.com
Mon Oct 12 18:49:21 2015 Validating certificate key usage
Mon Oct 12 18:49:21 2015 ++ Certificate has key usage 00a0, expects 00a0
Mon Oct 12 18:49:21 2015 VERIFY KU OK
Mon Oct 12 18:49:21 2015 Validating certificate extended key usage
Mon Oct 12 18:49:21 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 12 18:49:21 2015 VERIFY EKU OK
Mon Oct 12 18:49:21 2015 VERIFY OK: depth=0, C=US, ST=SC, L=Charleston, O=Company Name, OU=Company, CN=server, name=server, emailAddress=nobody@company.com
Mon Oct 12 18:49:33 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 12 18:49:33 2015 NOTE: --mute triggered...
Mon Oct 12 18:49:33 2015 4 variation(s) on previous 10 message(s) suppressed by --mute
Mon Oct 12 18:49:33 2015 [server] Peer Connection Initiated with x.x.x.x.227:1194
Mon Oct 12 18:49:35 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 12 18:49:36 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.4.4.4,route-gateway 172.17.200.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.17.200.2 255.255.255.0'
Mon Oct 12 18:49:36 2015 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 12 18:49:36 2015 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 12 18:49:36 2015 OPTIONS IMPORT: route options modified
Mon Oct 12 18:49:36 2015 OPTIONS IMPORT: route-related options modified
Mon Oct 12 18:49:36 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 12 18:49:36 2015 ROUTE_GATEWAY 10.1.19.1/255.255.255.0 IFACE=ens32 HWADDR=00:0c:29:ac:83:f9
Mon Oct 12 18:49:36 2015 TUN/TAP device tun0 opened
Mon Oct 12 18:49:36 2015 TUN/TAP TX queue length set to 100
Mon Oct 12 18:49:36 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 12 18:49:36 2015 /usr/sbin/ip link set dev tun0 up mtu 48000
Mon Oct 12 18:49:36 2015 /usr/sbin/ip addr add dev tun0 172.17.200.2/24 broadcast 172.17.200.255
Mon Oct 12 18:49:36 2015 /usr/sbin/ip route add x.x.x.x/32 via 10.1.19.1
Mon Oct 12 18:49:36 2015 /usr/sbin/ip route add 0.0.0.0/1 via 172.17.200.1
Mon Oct 12 18:49:36 2015 /usr/sbin/ip route add 128.0.0.0/1 via 172.17.200.1
Mon Oct 12 18:49:36 2015 GID set to nobody
Mon Oct 12 18:49:36 2015 UID set to nobody
Mon Oct 12 18:49:36 2015 Initialization Sequence Completed
user@client_machine:$ ip route ls
---------missing lines----------------
x.x.x.x via 10.1.19.1 dev ens32
128.0.0.0/1 via 172.17.200.5 dev tun0
172.17.200.1 via 172.17.200.5 dev tun0
172.17.200.5 dev tun0 proto kernel scope link src 172.17.200.6
user@client_machine:$ ip add ls
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
---------missing lines----------------
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 48000 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 172.17.200.2/24 brd 172.17.200.255 scope global tun0
valid_lft forever preferred_lft forever
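To see what the pushed options do to the client's routing table, here is an added Python example (not part of the original post and not OpenVPN's own code) that parses the PUSH_REPLY line from the log above, derives the routes the client installs for redirect-gateway def1, and resolves a few destinations with longest-prefix matching the way the kernel does. The server address, masked as x.x.x.x on the page, is assumed to be the documentation address 203.0.113.10; the LAN gateway 10.1.19.1 and interface ens32 are taken from the ROUTE_GATEWAY line in the log.

```python
import ipaddress

# Constructed sample: the PUSH_REPLY line from the Linux client log above.
PUSH_REPLY = ("PUSH_REPLY,redirect-gateway def1 bypass-dhcp,"
              "dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.4.4.4,"
              "route-gateway 172.17.200.1,topology subnet,ping 10,"
              "ping-restart 120,ifconfig 172.17.200.2 255.255.255.0")

# Assumed placeholder for the server address the page masks as x.x.x.x.
VPN_SERVER = "203.0.113.10"
# LAN gateway and interface as shown by ROUTE_GATEWAY in the log.
LAN_GATEWAY, LAN_IFACE = "10.1.19.1", "ens32"


def parse_push_reply(line):
    """Turn 'PUSH_REPLY,opt a b,opt c' into {opt: [[a, b], [c]]}.

    Options may repeat (dhcp-option does), so each value is a list of
    argument lists in the order the server pushed them.
    """
    opts = {}
    for item in line.split(","):
        if item == "PUSH_REPLY":
            continue
        name, *args = item.split()
        opts.setdefault(name, []).append(args)
    return opts


def pushed_dns(opts):
    """DNS servers the client is told to use (dhcp-option DNS a.b.c.d)."""
    return [a[1] for a in opts.get("dhcp-option", []) if a[0] == "DNS"]


def client_routes(opts):
    """Routes on the client once the tunnel is up: (network, gateway, iface).

    A gateway of None means on-link. The first two entries are the LAN routes
    that existed before OpenVPN started; the rest mirror the 'ip route add'
    lines in the log.
    """
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), LAN_GATEWAY, LAN_IFACE),
        (ipaddress.ip_network("10.1.19.0/24"), None, LAN_IFACE),
    ]
    addr, mask = opts["ifconfig"][0]
    tun_gw = opts["route-gateway"][0][0]
    # 'ip addr add dev tun0 172.17.200.2/24' yields the on-link tunnel subnet
    routes.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), None, "tun0"))
    if any("def1" in args for args in opts.get("redirect-gateway", [])):
        # A host route keeps the encrypted UDP packets to the server on the LAN...
        routes.append((ipaddress.ip_network(f"{VPN_SERVER}/32"), LAN_GATEWAY, LAN_IFACE))
        # ...while two /1 routes beat the /0 default without deleting it.
        routes.append((ipaddress.ip_network("0.0.0.0/1"), tun_gw, "tun0"))
        routes.append((ipaddress.ip_network("128.0.0.0/1"), tun_gw, "tun0"))
    return routes


def lookup(routes, dest):
    """Longest-prefix match as the kernel does; returns (gateway, iface) or None."""
    dest = ipaddress.ip_address(dest)
    best = None
    for net, gw, iface in routes:
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    opts = parse_push_reply(PUSH_REPLY)
    table = client_routes(opts)
    print("pushed DNS:", pushed_dns(opts))
    for dest in ("8.8.8.8", VPN_SERVER, "10.1.19.5", "172.17.200.1"):
        print(f"{dest:>15} -> {lookup(table, dest)}")
```

Internet destinations resolve to the tunnel gateway, the VPN server itself stays on the LAN gateway, and the LAN and tunnel subnets stay on-link, which is exactly the table ip route ls shows above.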

9. Connecting a Windows client

OpenVPN for Windows can be installed from the self-installing exe file on the OpenVPN download page. Remember that OpenVPN must be installed and run by a user who has administrative privileges (this restriction is imposed by Windows, not OpenVPN). Official OpenVPN Windows installers include OpenVPN-GUI, which allows managing OpenVPN connections from a system tray applet.

First we need to copy the following files to the client computer (into C:\Program Files\OpenVPN\config):


clientname.crt
clientname.key
ca.crt
client.ovpn

This is similar to the Linux client configuration. Open client.ovpn and edit the following lines:


client
dev tun
tun-mtu 48000
fragment 0
mssfix 0
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\clientname.crt"
key "C:\\Program Files\\OpenVPN\\config\\clientname.key"
comp-lzo
verb 3

Start the OpenVPN client: Start Menu -> All Programs -> OpenVPN -> OpenVPN GUI.
Double click the icon which shows up in the system tray to initiate the connection. The resulting dialog should close upon a successful start.


Mon Oct 12 14:34:20 2015 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jul 9 2015
Mon Oct 12 14:34:20 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Mon Oct 12 14:34:20 2015 MANAGEMENT: TCP Socket listening on 127.0.0.1:25340
Mon Oct 12 14:34:20 2015 Need hold release from management interface, waiting...
Mon Oct 12 14:34:20 2015 MANAGEMENT: Client connected from 127.0.0.1:25340
Mon Oct 12 14:34:20 2015 MANAGEMENT: CMD 'state on'
Mon Oct 12 14:34:20 2015 MANAGEMENT: CMD 'log all on'
Mon Oct 12 14:34:20 2015 MANAGEMENT: CMD 'hold off'
Mon Oct 12 14:34:20 2015 MANAGEMENT: CMD 'hold release'
Mon Oct 12 14:34:21 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Oct 12 14:34:21 2015 UDPv4 link local: [undef]
Mon Oct 12 14:34:21 2015 UDPv4 link remote: x.x.x.x:1194
Mon Oct 12 14:34:21 2015 MANAGEMENT: >STATE:1444644261,WAIT,,,
Mon Oct 12 14:34:21 2015 MANAGEMENT: >STATE:1444644261,AUTH,,,
Mon Oct 12 14:34:21 2015 TLS: Initial packet from x.x.x.x:1194, sid=16ae884f 938b44a8
Mon Oct 12 14:34:23 2015 VERIFY OK: depth=1, C=US, ST=SC, L=Charleston, O=Company Name, OU=Company, CN=secure.company.com, name=server, emailAddress=nobody@company.com
Mon Oct 12 14:34:23 2015 Validating certificate key usage
Mon Oct 12 14:34:23 2015 ++ Certificate has key usage 00a0, expects 00a0
Mon Oct 12 14:34:23 2015 VERIFY KU OK
Mon Oct 12 14:34:23 2015 Validating certificate extended key usage
Mon Oct 12 14:34:23 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 12 14:34:23 2015 VERIFY EKU OK
Mon Oct 12 14:34:23 2015 VERIFY OK: depth=1, C=US, ST=SC, L=Charleston, O=Company Name, OU=Company, CN=secure.company.com, name=server, emailAddress=nobody@company.com
Mon Oct 12 14:34:35 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 12 14:34:35 2015 NOTE: --mute triggered...
Mon Oct 12 14:34:35 2015 4 variation(s) on previous 10 message(s) suppressed by --mute
Mon Oct 12 14:34:35 2015 [server] Peer Connection Initiated with x.x.x.x:1194
Mon Oct 12 14:34:36 2015 MANAGEMENT: >STATE:1444644276,GET_CONFIG,,,
Mon Oct 12 14:34:37 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 12 14:34:38 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 4.4.4.4,route-gateway 172.17.200.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.17.200.3 255.255.255.0'
Mon Oct 12 14:34:38 2015 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 12 14:34:38 2015 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 12 14:34:38 2015 OPTIONS IMPORT: route options modified
Mon Oct 12 14:34:38 2015 OPTIONS IMPORT: route-related options modified
Mon Oct 12 14:34:38 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 12 14:34:38 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 12 14:34:38 2015 MANAGEMENT: >STATE:1444644278,ASSIGN_IP,,172.17.200.3,
Mon Oct 12 14:34:38 2015 open_tun, tt->ipv6=0
Mon Oct 12 14:34:38 2015 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{E9B690B5-87CC-40CD-A58C-15CAA7C03FBC}.tap
Mon Oct 12 14:34:38 2015 TAP-Windows Driver Version 9.21
Mon Oct 12 14:34:38 2015 Set TAP-Windows TUN subnet mode network/local/netmask = 172.17.200.0/172.17.200.3/255.255.255.0 [SUCCEEDED]
Mon Oct 12 14:34:38 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.17.200.3/255.255.255.0 on interface {E9B690B5-87CC-40CD-A58C-15CAA7C03FBC} [DHCP-serv: 172.17.200.254, lease-time: 31536000]
Mon Oct 12 14:34:38 2015 Successful ARP Flush on interface [20] {E9B690B5-87CC-40CD-A58C-15CAA7C03FBC}
Mon Oct 12 14:34:43 2015 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Oct 12 14:34:43 2015 C:\Windows\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 10.1.19.1
Mon Oct 12 14:34:43 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Mon Oct 12 14:34:43 2015 Route addition via IPAPI succeeded [adaptive]
Mon Oct 12 14:34:43 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.17.200.1
Mon Oct 12 14:34:43 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Oct 12 14:34:43 2015 Route addition via IPAPI succeeded [adaptive]
Mon Oct 12 14:34:43 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.17.200.1
Mon Oct 12 14:34:43 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon Oct 12 14:34:43 2015 Route addition via IPAPI succeeded [adaptive]
Mon Oct 12 14:34:43 2015 Initialization Sequence Completed
Mon Oct 12 14:34:43 2015 MANAGEMENT: >STATE:1444644283,CONNECTED,SUCCESS,172.17.200.3,x.x.x.x


C:\Users\user>route print
===========================================================================
Interface List
20...00 ff e9 b6 90 b5 ......TAP-Windows Adapter V9
15...08 60 6e 0e 8e 4e ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet
troller (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.19.1 10.1.19.25 10
0.0.0.0 128.0.0.0 172.17.200.5 172.17.200.6 20
10.1.1.51 255.255.255.255 10.1.19.1 10.1.19.25 10
10.1.19.0 255.255.255.0 On-link 10.1.19.25 266
10.1.19.25 255.255.255.255 On-link 10.1.19.25 266
10.1.19.255 255.255.255.255 On-link 10.1.19.25 266
x.x.x.x 255.255.255.255 10.1.19.1 10.1.19.25 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.17.200.5 172.17.200.6 20
172.17.200.1 255.255.255.255 172.17.200.5 172.17.200.6 20
172.17.200.4 255.255.255.252 On-link 172.17.200.6 276
172.17.200.6 255.255.255.255 On-link 172.17.200.6 276
172.17.200.7 255.255.255.255 On-link 172.17.200.6 276

Introducing Android

Nowadays we rely on our phones not only to keep in touch with friends, family and coworkers, but also to tell us where to go, what to do and how to do it. An innovative and open platform, Android is well positioned to address the growing needs of the mobile marketplace. Android is a Linux-based operating system and a software platform upon which applications are developed.
A core set of applications for everyday tasks, such as web browsing and email, is included on Android handsets. The platform was designed for the sole purpose of encouraging a free and open market for all the mobile applications that phone users might want to have and software developers might want to develop.

History of Android
The Motorola DynaTAC 8000X was the first commercially available cell phone. First marketed in 1983, it measured 13 x 1.75 x 3.5 inches, weighed about 2.5 pounds and allowed you to talk for a little more than half an hour.
Customers began pushing for more features and more games. But there was a problem: the handset manufacturers did not have the motivation or the resources to build every application users wanted. They needed some way to provide a portal for entertainment and information services without allowing direct access to the handset. And what better way to provide these services than the Internet?

In January 2007, Apple chief executive Steve Jobs announced the launch of the iPhone, the first smartphone ever made, a touchscreen handset combining a mobile phone, internet access, and iPod music and video playback features. The iPhone would use the Apple OS X operating system and allow users to watch movies, download songs and store photos, as well as offering the email, calendar and contacts software found in rival products such as the BlackBerry. A 4GB model was available for $499 (£257) and an 8GB model for $599 (£309).

Figure 2. First smartphone iPhone

In August 2005 Google quietly acquired the startup Android Inc. The 22-month-old startup, based in Palo Alto, California, brought Google a wealth of talent, including co-founder Andy Rubin. Android had operated under a cloak of secrecy, so little was known about its work; Rubin & Co. had sparingly described the outfit as making software for mobile phones, providing little more detail than that. Now a household name, Google has shown an interest in spreading its brand and suite of tools to the wireless marketplace. Nearly all Google services are free and ad driven. The applications range from simple calendars and calculators to navigation with Google Maps and the latest tailored news from News Alerts, not to mention corporate acquisitions like Blogger and YouTube.
The Open Handset Alliance (OHA) was formed in November 2007; its main purpose was to build a better mobile phone. The OHA is a business alliance comprising many of the largest and most successful mobile companies on the planet. Working together, OHA members began developing a non-proprietary, open standard platform they called the Android project.
The story of open source mobile computing has its roots in Linux. The Android kernel is a fork of the Linux kernel with many power optimizations, since Android runs on low-powered, battery-operated devices instead of traditional x86 machines, and with several additional features necessary for power- and resource-efficient operation. The kernel exposes APIs to user space for developing applications; in Android these take the form of the Android framework (which lets developers write apps in Java) and the Android Native Development Kit.
Collaboration issues between Linux maintainers and Google led to Android being developed independently for a couple of years. The 2011-2012 winter saw the creation of the Android Mainlining Project, whose goal was to integrate Android drivers and features into the mainline Linux kernel.
Google's involvement in the Android project has been extensive. The company hosts the open source project and provides online documentation, tools, forums, and the Software Development Kit (SDK). More than half the members of the OHA are handset manufacturers, such as Samsung, Motorola, HTC, and LG, and semiconductor companies, such as Intel, Texas Instruments, NVIDIA, and Qualcomm. These companies are helping design the first generation of Android handsets.
The first shipping Android handset—the T-Mobile G1—was developed by handset manufacturer HTC with service provided by T-Mobile. It was released in October 2008. Many other Android handsets are slated for 2009 and early 2010.

Figure 3. T-Mobile G1

Android Platform Differences

Main strengths of Android platform:

  • Complete: The designers began with a secure operating system and built a robust software framework on top that allows for rich application development opportunities.
  • Open: The Android platform is provided through open source licensing. Developers have unprecedented access to the handset features when developing applications.
  • Free: Android applications are free to develop. There are no licensing or royalty fees to develop on the platform. No required membership fees. No required testing fees. No required signing or certification fees. Android applications can be distributed and commercialized in a variety of ways.


Familiar Language, Familiar Development Environments

The chosen language for developers to build apps for the Android platform was, and is, a well-respected programming language called Java. At the time Android started, Java was owned by Sun Microsystems, and while various talks were held about Google getting a licence, in the end no one bothered. Then Oracle bought Sun and has since been trying to get royalties for the use of the Java bits.
Developers have several choices when it comes to integrated development environments (IDEs). Many developers choose the popular and freely available Eclipse IDE to design and develop Android applications. Eclipse is the most popular IDE for Android development, and an Android plug-in is available to facilitate it. Recently Android Studio, an IDE based on JetBrains' IntelliJ IDEA, was released.
Thanks to the flexible tools that were selected, Android applications can nowadays be developed on any of the big operating systems: Windows, Mac OS and Linux.
There is no Java Virtual Machine in the Android platform, and Java bytecode is not executed. Instead, Java classes are compiled into a proprietary bytecode format and run on Dalvik, a specialized virtual machine (VM) designed specifically for Android.
The Android application framework includes traditional programming constructs, such as threads and processes, and specially designed data structures to encapsulate objects commonly used in mobile applications. Developers can rely on familiar class libraries, such as java.net and java.text. To avoid any legal disputes regarding the source code of these libraries (owned by Oracle), Android relies on a completely different implementation; see Project Harmony.
Specialty libraries for tasks like graphics and database management are implemented using well-defined open standards like OpenGL Embedded Systems (OpenGL ES) or SQLite.

The Android packages include support for:

  • Common user interface widgets (Buttons, Spin Controls, Text Input)
  • User interface layout
  • Secure networking and Web browsing features (SSL, WebKit)
  • Structured storage and relational databases (SQLite)
  • Access to optional hardware such as Location-Based Services (LBS), WiFi, and Bluetooth
  • Audio and visual media formats (MPEG4, MP3, Still Images)
  • Powerful 2D and 3D graphics (SGL and OpenGL ES 1.0)

What are the downsides?
Platform fragmentation is an issue for Android OS devices. Vendors do not have uniform policies with respect to OS upgrades and version control, so new application releases may not work reliably across all Android devices. For developers, the variety of device types and form factors that use Android makes development more expensive: they must adapt their applications to a variety of screen sizes and manufacturer specifications, test the results on each appropriate device, and ensure compatibility and functionality across the board. Finally, Android applications may pose some privacy or security concerns because, unlike Apple, Google does not oversee or approve third-party Android apps before they go to market.

Conclusion
The popularity of smart phones among consumers means developers must assess the spectrum of operating systems upon which these devices run and determine where their efforts will be best spent. Android and iOS, being the two biggest players in this market, will continue to offer their users similar functionality, making it increasingly practical for the faculty to design mobile applications.
Nowadays, Android can integrate with devices including laptops, netbooks, and tablets, smartwatches, headphones, car CD and DVD players, mirrors, portable media players, etc. There are also talks about developing Android-based car entertainment systems for automobiles.