oudadOS.. My own Operating System Built from Scratch

I am happy to write these lines. It took me a lot of time to understand how operating systems behave. I have been dreaming to make my own operating system from scratch or at least based on Linux kernel. And today I am greatly happy to announce that I finish coding my operating system called “oudadOS” for educational purposes. The aim of writing it is to be used as a learning tool in operating systems classes around the world. I tried to show some concepts that were discussed in some operating systems book in order to fit its educational purposes. It is built with C++ as much as possible along side with Assembly in an object-oriented manner. It is meant to work on Intel 8086 architecture. The name of oudad comes up from the Amazigh language, and it means red deer in English. You can check it out from here: https://github.com/Lekssays/oudadOS . I will be posting some articles about each part of the operating system in my blog. In addition, I made an official website for oudadOS which can be accessed from here: http://oudados.lekssays.com. I will write a documentation for it in the next weeks. It will be posted here: https://lekssays.github.io/oudadOS/ .

Maybe you will notice that some parts are not well done or poorly designed. I tried my best to make it looks better. I believe that it reflects my level because I made a huge effort in making it. I faced many problems and I stopped writing it for weeks because I did not figure out how to implement some parts especially interrupts, multitasking, and GUI. So, please I invite you to raise an issue on the Github repository or make a pull request if you see that some parts should be changed or improved. As I mentioned in the README file, it is a learning experience for me. I am proud that I built it, but this does not mean that it is perfect or good. It reflects my understanding to the topics that I have implemented. For the future improvements, I will try to implement what I mentioned in the README file in the Github repository.

I posted some announcements about building a Moroccan Penetration Testing operating system, but I figured out that our community was not contributing. I was contacted by some friends which really made me happy because they were ready to help. However, I learned that I was not experienced enough to lead such projects. I have been looking for books and articles about building an operating system, and I found that I should first learn about computer architectures. This was a big step in my path to understand how operating systems work. I took computer architectures as a course at Al Akhawayn University in Ifrane, and it helped me a lot to achieve my goal. After that, I started reading about the conception of Linux Kernel. Then, I learned about cross compilers, makefiles, bootloaders, and many other topics.

I agree that building an operating system is not an easy task at all because it needs a good background in what I have discussed before in addition to passion. You cannot build an operating system if you do not master the programming language of your choice. Moreover, there are no clear or complete tutorials about how to build an operating system at least for what I have seen so far in operating systems tutorials or articles. You cannot copy and paste code because such topics are not usually discussed in StackOverflow. Another big issue is that if you found an operating system that is already implemented somewhere, it is hard to understand its logic because each programmer sees things differently. The bible of building an operating system is www.osdev.org , but it provides an abstract understanding of the concepts and sometimes a small implementation of a feature. You should know that OS developers community is hard because they will not help you if they found that you are copying someone else code or if they see that you do not understand even what you are doing. However, they are helpful a lot when it comes to complex problems, and I have faced this when I was implementing interrupts. So, please if you want to build you own operating system make sure that you understand well the theory and the programming language of your choice.

Operating systems design teaches you how to believe. You will notice that a lot of hexadecimal codes are already defined by manufacturers. For instance, the boot magic code 0x1badb002, ports connections for different devices, PCI devices IDs, PCI vendors IDs…They tend to push you just to believe in them.

At this specific moment of my life, I have to acknowledge some people who helped me a lot in achieving this either by supporting me, giving me feedback, or helping me with design decisions. I would like to thank Viktor Engelmann for his series in YouTube “Make your own OS”. He gave me insights about how to build an operating system even if some parts are not well explained because some concepts are hard. I have been following his design for major parts of oudadOS. I would like to thank osdev community for the awesome wiki. I would like to thank Saad Taame for helping me with some design decisions and for giving me feedback when I get stuck in implementing some parts. I would like to thank Dr. Hamid Harroud and Abdelhamid Limami for supporting me to finish this work. I would like to thank also Abdelghafour Mourchid for taking care of the graphical side of the operating system and for the awesome logo.

I hope that the Moroccan community will contribute one day in building a different operating system for penetration testing because it is a great feeling to see that you have built an operating system. It is like your child. You really love it. Maybe some of you will say that there are plenty of penetration testing operating systems. I would argue that by saying that if other developers followed this idea, we would not see BugTraq, ParrotOS, BackBox, DEFT, BlackArch, and many others. I strongly believe that we have the ability to make it and that we need just to believe in it.

oudadOS is made with 148836 in Morocco, and it highly contributes to my ultimate goal which is sharing code, love, and knowledge. I hope that oudadOS will be an added value to the community. I wish it can motivate some of you to contribute to an OS, give you a better understanding of operating systems, or at least give you an overall idea about how operating systems are built.

Ethics, Business, and Computer Science

I am writing this post after a long discussion in class with a professor of computer science here at Al Akhawayn University. I decided to write it to share with the world how I see ethics and business in the context of computer science.

Computer science is first about ethics. It is about sharing the knowledge and the code with the world without expecting something back. Computer science should not be interpreted as a market. It should not be seen as business and money. Computer science is more than that. It is what gathers open source programmers from all around the globe to make an exceptional thing that improves the technology and facilitates human beings’ lives.  I am talking here about Linux as an extraordinary project that changed computing history.

We discussed an idea about the use of those open source projects in a commercial way which was the argument of considering computer science as a business. I did not agree on that idea because people who developed those interesting things are aware of the use since the licensing of their projects is under one of the public licenses that are commonly used in the field. The famous one is GNU Public License with all its versions which establish an ethical contract between the programmer and the user. I did not use the term “client” here because it is not defined in the open source software dictionary.

They argued on the use of Linux today. They claimed that Windows is more used than Linux-based operating systems nowadays. However, they were not aware of the fact that Android is also a Linux-based operating system. In addition, the number of smartphones nowadays is more than the number of computers. Hence, we can conclude that Linux-based operating systems are the famous and widely used ones.

An important point should be mentioned here is that thinking of computer science as a business lowers the quality of the projects. I saw a hackathon made by a Moroccan company here at Al Akhawayn University. It illustrates how people at this happy land think about money more than the quality and ethics. They are selling the illusion to people in the frame of hackathons and under the umbrella of “Entrepreneurs”. They were using those events in order to test their platform for free even if we are neglecting the quality of the platform itself at that point. And the weird question is that no one asked them about their background and their knowledge in the field. Logically, someone who will judge your application should be knowledgeable than you at least at that specific field. Those people are a clear example of using business in computer science which is bad at some extent especially when it comes to incompetent people. Linus Torvalds famous quote applies strongly in this context: “Talking is cheap. Show me the code.”

So, if Linus Torvalds wanted to sell Linux, we would not achieve what we have been achieving. Open source projects taught me to be generous, to like the community, and to help people that I do not know just because they are humans.The important thing is that they are trying to improve people’s lives.

You should just get the point that we are not doing that for fame or money we are doing it for love.

Credits: open-source-world-wallpapers_10169_1024x768.jpg

Description of my Presentation at OWASP AppSec Africa 2017

I was invited to talk at OWASP AppSec Africa 2017 in Casablanca, Morocco on Wednesday, February 1st, 2017. My presentation was entitled:”How Did I Hack Twitter and WhatsApp for iOS?”. I had the honor to present in front of well-educated people about cyber security. I hope this made a change or opened a path for people who want to pursue their careers in cyber security especially in iOS platform.

In this presentation,  I talked about two of my discoveries as a security researcher in Twitter (2014) and WhatsApp (2015) applications for iOS. The first one was an open authentication flaw which allowed me to hijack the active session in Twitter application. The second one was an encryption problem in WhatsApp which allowed me to steal the conversations and contacts that were in that device. After reporting that vulnerability, WhatsApp applied end-to-end encryption which has been leading to the protection of millions of users. These discoveries were considered as achievements because they were the first Moroccan discoveries in iOS platform.

As an introduction to these discoveries, I talked about iOS security architecture which is a rare field in the Moroccan cyber security community . I threw light on the system vulnerabilities that allowed me to access some important files in the installed applications in addition to an overview of iOS security system. I mentioned also some design patters in operating systems design that differ the system, kernel, and user modes called GDT entries or global descriptor tables entries.

One of the famous bugs in iOS is the lock bypass from the device itself or from a computer. At this point, We have 3 main paths to follow: Ubuntu (or another Linux-based distribution), Mac OS X, or Windows. I tried them all. I noticed that they were dealing with the iDevice in different manner. Ubuntu was trying to access it as a physical hard drive while the others were treating it as an iDevice (trying to connect it with iTunes). For WhatsApp, the bug was in iOS 9. I could access the system files including the files of the applications themselves. At this level, I would like to describe how an iOS application works based of the general files hierarchy in iOS. In other words, I would like to explain the role of “.plist” files in iOS system.

Concerning Twitter’s bug, I threw light on the multiple authentication levels in mobile applications. For instance, the access token method which was the main factor in the bug that I discovered in Twitter. Moreover, I would like to talk briefly about the 3rd parties applications that are used largely today and security risks that treat the users. This bug would lead us to explain more the difference between authorization and authentication. This point would explain in depth the real role of the access token.

As a motivation,  I shared the responses of the two Security Teams of the companies which confirmed the vulnerabilities. In addition, I want to share some tips that I used to find those vulnerabilities which would help the interested security researchers in iOS. They will change their minds because the majority of the security researchers consider iOS as a monster. It is known by it is high security mechanisms. However, it has some flows that might be used to discover serious security issues in some well known applications. I hope that this presentation will throw light on the problematic of authentication in cyber security and bring the question of the password as a good or bad authentication factor to the Moroccan cyber security community.

With love,

Image Copyright: https://www.law.georgetown.edu/continuing-legal-education/programs/cle/cybersecurity/images/shutterstock_165303932.jpg

ARM Architecture with a Focus on Cortex-A Family

 

Introduction:

ARM Architecture or Advanced RISC Machine has become one of the most used computer architectures in the world due to its low consumption of energy, its high performance in dealing with small and multiple tasks simultaneously, its low cost, and its small size .  It is largely used  in smartphones, tablets, microcomputers, and embedded systems. It has become a strong alternative for supercomputers needed for data centers because it is a power-efficient solution.

Motivation:

If we look around us, we will find that ARM processors are everywhere. They are always with us. However, the real motivation is that ARM processors are the future of technology. The world is going toward a green and clean technology. A technology that has a high performance, but on the other hand it respects environment. These two features are the main goal behind ARM processors. In addition, they widely used in Internet of Things which is growing and changing the view of the world about technology. And one of the growing applications of IoT is smart homes. Thus, the motivation to learn about ARM Architecture can be seen as personal to develop our own projects or global to save the planet.

Development of the ARM Architecture

Overview of the History of ARM:

The origin of ARM Architecture came from the British technology Acorn Computers which developed ARM or Acorn RISC Machine in 1980s. It was a result of success between Acorn Computers an British Broadcasting Corporation. The first ARM version was ARM1 produced in 1985. After that, ARM Holdings transformed it to Advanced RISC Machine. ARM Holdings is a British company founded in 1990. It does not make the processors themselves. Instead, it designs multicore architectures and microprocessors.

Development Road Map:

ARM has several families depending on the the ARM version from ARMv1 to ARMv8-A. The difference in version can depend on the performance, the field of use, or sometimes the manufacturer because as mentioned before ARM Holdings does not produce processors, but they make their design and architecture and give manufacturing licence to companies such as Snapdragon and Qualcomm. For instance, Cortex-M/R/A(32-bit) are under the umbrella of ARMv7 family. In this presentation, we will focus on Cortex-A/A50 family.

ARM Architecture Profiles

ARM Architecture has three main profiles. They differ in the application of the architecture in real life. First, application profile which is implemented in ARMv7-A, for instance, which includes Cortex-A/A50 family that has several features such as MMS (Memory Management Support), high performance at low power which depends on multitasking done by the operating system. Second,  real time profile which is needed in embedded systems. It is implemented in ARMv7-R, for instance, which includes Cortex-R family. It has features such as protected memory and low latency and predictability “real-time” needs. Third, microcontroller profile is implemented in ARMv7-M, for instance, which includes Cortex-M family. It has features such as the deep embedded use, lowest gate entry point, and deterministic/ predictable  behavior as a key element.

Instruction Sets

For ARM Architecture,  Halfword means 16 bits (two bytes), Word means 32 bits (four bytes), and Doubleword means 64 bits (eight bytes). Most ARM architecture implement two instruction sets the 32-bit ARM Instruction Set and 16-bit Thumb instruction set. The Latest ARM cores such as ARMv8-A which includes Cortex-A family introduce a new instruction set called Thumb-2. It provides a mixture of 32-bit and 16-bit instructions. In addition, some new ARM cores like Cortex-A57 supports 64-bit instructions. They maintain code density with increased flexibility. Jazelle-DBX cores can also execute Java bytecode. For ARM instruction set, all instructions are 32-bit long, and they support many execution in a single cycle. They are conditionally executed. For Thumb instruction set, it is a 16-bit instruction set. It is used to optimize code density from C code (65% of ARM code size) in order to improve performance for narrow memory. It is targeted at compiler generation, so it is independent from hand coding. For Thumb-2 instruction set, it is designed to keep ARM performance and combine it with Thumb code density. In addition to 16-bit instruction set, it adds a 32-bit instruction set to implement almost all ARM functionalities.

For data processing, the available operations in ARM Architecture in Cortex-A8 are:

Arithmetic: ADD ADC SUB SBC RSB RSC  

Logical: AND ORR EOR BIC  

Comparisons: CMP CMN TST TEQ  

Data movement: MOV MVN

They interact just with register, so they do not deal with memory. The second operand in ARM uses an additional register called Barrel Shifter before ALU.

Processor Modes

The ARM has seven basic operating modes:

  • User : unprivileged mode under which most tasks run
  • FIQ : entered when a high priority (fast) interrupt is raised
  • IRQ : entered when a low priority (normal) interrupt is raised
  • Supervisor : entered on reset and when a Software Interrupt instruction is executed
  • Abort : used to handle memory access violations
  • Undef : used to handle undefined instructions
  • System : privileged mode using the same registers as user mode
  • Monitor: a secure mode for TrustZone.

ARM Register Set

ARM has 37 registers that are 32-bits long each. Registers R0 through R7 are the same across all CPU modes; they are never banked. Registers R8 through R12 are the same across all CPU modes except FIQ mode. FIQ mode has its own distinct R8 through R12 registers.

R13 and R14 are banked across all privileged CPU modes except system mode. That is, each mode that can be entered because of an exception has its own R13 and R14. These registers generally contain the stack pointer and the return address from function calls, respectively.

R13 is also referred to as SP, the Stack Pointer, R14 is also referred to as LR, the Link Register, and R15 is also referred to as PC, the Program Counter.

The Program Status Register has the following 32 bits.

  • M (bits 0–4) is the processor mode bits.
  • T (bit 5) is the Thumb state bit.
  • F (bit 6) is the FIQ disable bit.
  • I (bit 7) is the IRQ disable bit.
  • A (bit 8) is the imprecise data abort disable bit.
  • E (bit 9) is the data endianness bit.
  • IT (bits 10–15 and 25–26) is the if-then state bits.
  • GE (bits 16–19) is the greater-than-or-equal-to bits.
  • DNM (bits 20–23) is the do not modify bits.
  • J (bit 24) is the Java state bit.
  • Q (bit 27) is the sticky overflow bit.
  • V (bit 28) is the overflow bit.
  • C (bit 29) is the carry/borrow/extend bit.
  • Z (bit 30) is the zero bit.
  • N (bit 31) is the negative/less than bit.

Exception Handling

When an exception occurs, the ARM:

  • Copies CPSR into SPSR_<mode>
  • Sets appropriate CPSR bits
    • Change to ARM state
    • Change to exception mode
    • Disable interrupts (if appropriate)
  • Stores the return address in LR_<mode>
  • Sets PC to vector address

To return, exception handler needs to:

  • Restore CPSR from SPSR_<mode>
  • Restore PC from LR_<mode>

Instruction Pipeline

The ARM7TDMI uses a 3-stage pipeline in order to increase the speed of the flow of instructions to the processor. It allows several operations to happen simultaneously . FETCH is first stage of pipeline where the instruction is fetched from memory. Then, DECODE which is about decoding the registers used in the instruction. Finally, EXECUTE where registers read from Register Bank Shift and ALU operation and write registers back to Register Bank.

Conclusion

ARM Architecture is one of the the most promising technologies that every computer scientists should know about. It is used everywhere around us. In this presentation, we focused on Cortex-A family which is an application profile. It is used in smartphones because of it is low consumption of energy. We choose it because it supports 32-bit and 64-bit architectures which is a new step in ARM architecture’s history. It is the step that allowed famous companies such as Apple and Samsung to support 64-bit operating systems in their mobile phones and also 64-bit operating systems in Raspberry Pi in order to increase its use in building green data centers.

References

ARM – Architecture Reference Manual http://www.arm.com/.

ARM Architecture A8 Presentation Slides. http://www.arm.com/files/pdf/ARM_Arch_A8.pdf

Cortex-A Series Processors. https://developer.arm.com/products/processors/cortex-a

P. Dutta, Electrical Engineering Teaching Slides, Electrical Engineering and Computer Science Departement, University of Michigan. https://web.eecs.umich.edu/~prabal/teaching/eecs373-f11/readings/ARM_Architecture_Overview.pdf

  1. Stallings, Computer Organization and Architecture: Designing for Performance.

Image copyright: http://www.silicon.co.uk/wp-content/uploads/2011/10/ARM-Cortex-A15.jpg

How Linux Affected my Life?

I have been using Linux-based operating systems since 2012. I have been building a strong relationship with my favorite operating system Ubuntu. When I thought deeply about it back then, I realized that it is not just an operating system. GNU/Linux is a philosophy in computer science. It is an independent way of thinking. It brings us to talk about the open source projects. These kind of projects show that great things are made by many people who love what they are doing. They are based on contribution and combination of millions of developers around the globe who are different in many aspects of life. They have different religions, different cultures, and different languages. However, code and love of making people’s lives better unite them.

It affected my way of thinking, my behavior towards myself and my environment. It taught me that life is not all about money. Life is about helping other people even if they do not know who you are or what you are doing.  We gain good friends who share the same interest with us or maybe just respect us because we are doing something that they think it is valuable for them or the community in overall.  Some of them do not understand or give the necessary value to what I am doing, and they decide to leave because they think I have a boring and nerdy life. It is their problem because I believe I am doing the right thing for my personal satisfaction. Some of them encourage me everyday and teach me everyday in all life’s aspects, and they accept me as I am. I will show to those people that I worth their confidence.

It affected my decisions. When I want to make a decision, I think a lot about it. Linux taught me that there is no way to return to the previous state. When you type “sudo rm -rf /opt/folder”, there is no way (without forensics headache of course) to return back on time to the normal state. It taught me to be strong and precise in my decisions.  In addition, when you type “sudo” at the beginning of any command, Linux taught me to assume my responsibilities and to be professional in my decisions. It has two different states: normal and superuser state. So, it taught me to separate the professional and personal life. The professional one needs careful management and strong behavior.  On the other hand, the normal one cannot decide on some very important life decisions, so it can be handled without any additional stress or thinking.

It affected my emotions. I started to think in a binary approach. I do not take or think about the decision twice. When I decide on something, I assume my responsibility in terms of the consequences that it might have. So, in life either you get 0 or 1. I do not believe in 0.5. Adopting this approach causes consecutive failures in my social and emotional side. However, it is still clear in my mind because there is no such state between love and hate.

GNU/Linux is not just an operating system. It represents the way of thinking of millions of noble souls who made the Humanity great by connecting the individuals and providing a wonderful platform for the new technologies to appear.

Image Copyright: AudioBoom https://d15mj6e6qmt1na.cloudfront.net/files/images/1745/5387/trh_open_source_artwork_wide-a351735085ed65356885b7e1df06a4172f251b6c.jpg

Build a Simple Cloud Server Using the Open Hardware Technology

Abstract

Data storage has become a critical problem that facing computer scientists. Not only is it the huge amount of data; it is also also the problem of safety and privacy because of the revolution of information technology security. In order to find a possible solution to these problems, this project combines open hardware and open source software. It is based on Raspberry Pi 2, which is a single-computer board with powerful characteristics (Quad-Core CPU, 1GB in the RAM and 3D Full HD graphic) and OwnCloud, a file sharing web script. The main challenge of this project is how to combine eight (or more) Raspberry Pi and make them as one cloud server with parallel processing. Presently, a web server fulfilling these requirements is $2000, but the price of the same server made with Raspberry Pi is $500.

We aim to address the following questions:

  1. What is the Open Hardware Technology?
  2. How we can combine eight Raspberry Pi in a parallel processing?
  3. How we can make a secure file sharing environment using OwnCloud?

Only large companies can buy one due to the cost. On the other hand, the Raspberry Pi server can be made by anyone with the money. This simple cloud server is secure because the OwnCloud script will be configured with a SSL certificate to encrypt the user’s data to prevent the Man in the Middle attacks. Furthermore, the companies’ employers will be able to share their files privately without using any external drive, which avoids the transfer of viruses and malware. In addition, the companies’ files will be hidden from attackers because the server will be local. Consequently, they will be seen by the people who are connected to the same network with the server. This project uses a combination of open hardware and open software technology, so it will be developed and updated by developers around the world.

This cloud server will be made with two main steps: first, the building of the server (the hardware part) by installing and configuring Raspbian OS in the first Raspberry Pi, and then, the installation and configuration of MPICH and MPI4PY libraries and applying the same configuration in the other boards. Second, the preparation of the server to be able to run the OwnCloud script (the software part). That is will be made by installing and configuring PHP5, APACHE2 and OPENSSL packages. Then, we will configure the OwnCloud’s databases system and admin account. As a result, the server will have the following characteristics:

  • CPU: 7.2 GHZ / 32 Cores
  • HDD: 512 GB
  • RAM: 8 GB
  • Graphics: 3D / Full HD 1080p + 8 HDMI Ports

You can buy one for about $516.

Introduction

Raspberry Pi 2 is a single-board computer that allows us to create a lot interesting projects by programming this board to do the specific tasks with a suitable price. This board is created by Raspberry Pi Foundation to support the teaching of computer science around the world, and to promote the open hardware technology. We will discuss together the method of creating a simple cloud server with Raspberry Pi 2. This cheaper server will allow the people who are connected to the same network to store and share their files together on the cloud in a secure way. On the other hand, we will use OwnCloud script, which is a free and open source file sharing software. Therefore, our project will be a combination of an open hardware and an open source software to introduce what is called now the Open Cloud Technology. I believe that the Open Hardware technology can improve the creativity of the computer science students .

Building the server

Requirements :

To build this simple server we need :

Hardware :

  • 8 x Raspberry Pi 2
  • 1 x Switches 8 Ethernet Ports
  • 2 x USB 2.0 Hubs ( 2 x 4 Ports )
  • 8 x SD Cards ( 8 x 64GB )
  • 8 x Power cables ( Micro USB )
  • 10 x Networking Cables

Software :

  • OS : Raspbian OS
  • Apps :
    • Win32-disk Imager
    • MPICH sources
    • MPI4PY

The challenge of this project is how to combine of 8 Raspberry Pi that each one has the following technical characteristics:

  • 900 MHz Quad-Core ARM Cortex A7 CPU
  • 1 GB RAM
  • 4 USB ports
  • 40 GPIO pins
  • Full HDMI port
  • Ethernet port
  • 3.5 mm audio jack and composite video
  • Camera interface (CSI)
  • Display interface (DSI)
  • MicroSD card slot
  • BroadCom VideoCore IV 3D graphics core

So if we combine only 8 Raspberries, we will have a server which has these characteristics :

  • CPU : 7.2 Ghz / 32 Cores
  • HDD : 512 GB
  • RAM : 8 GB
  • Graphics : 3D / Full HD 1080p + 8 HDMI Ports.

Install and Configure Raspbian OS in the First board (Pi01) :

In this step, we will install and configure the Raspbian OS on the Raspberry Pi 2. First, we should write in each MicroSD card the number of the Raspberry Pi 2 ( Pi01, Pi02, Pi03, …) to organize our work. Take the MicroSD card (Pi01) and connect it to your laptop. After that, download Raspbian OS from this link

Download Raspbian OS and Win32-Disk Imager by filling out the form below:

After connecting your MicroSD card (Pi01), select it, click browse, and select your Raspbian image then click Write.

For more details you can read this documentation by Raspberry Pi Foundation :

For Windows : Windows Documentation

For Mac : Mac Documentation

Once the burning of Raspbian OS image finished, connect the MicroSD card to your Raspberry Pi (Pi01) this board will control the other boards to create a parallel processing system. Then, connect power cable, keyboard, mouse and Ethernet cable. You will see this screen below:

Figure 1 Raspberry Pi Configuration Screen

If not, try to type sudo raspbi-config . After that, configure the expand file system, overlock the Raspberry Pi to 900 Mhz, change the hostname to Pi01, split the memory to 16 MB graphics, and enable the SSH mode to allow us to control the board via another laptop ( in the same network). Before you reboot the board, enable the auto login by typing at the command line sudo nano /etc/inittab to edit the inittab file. Find this line #1:2345:respawn:/sbin/getty –noclear 38400 tty1 and comment out it by deleting ‘#’, and add this line in beneath it 1:2345:respawn:/bin/login -f pi tty1 </dev/tty1 >/dev/tty1 2>&1 . Now, you can reboot your board.

Configure the MPICH :

MPICH is an open source software that allows to us to create a multi-processing communication between computers in a parallel way. You can install this software by following these directions.

(Download mpich-3.1.tar.gz because it is the stable version)

  • tar xfz mpich-3.1.tar.gz ( Decompress the package )
  • sudo mkdir /home/rpimpi/ ( Create a directory which name is rpimpi in the home folder / You need the root permissions )
  • sudo mkdir /home/rpimpi/mpi-install (Create a directory which name is mpi-install in /Home/rpmi // You need the root permissions )
  • mkdir /home/pi/mpi-build (Create a directory which name is mpi-build in /home/pi/ )
  • cd /home/pi/mpi-build ( Open this directory)
  • sudo apt-get install gfortran ( Install GNU gfortran compiler package )
  • sudo /home/pi/mpich3/mpich-3.1/configure-

prefix=/home/rpimpi/mpi-install (Configure the build )

  • sudo make ( Determine which part of the program must be recompiled )
  • sudo make install ( Execute the MakeFile )
  • nano .bashrc
    • PATH=$PATH:/home/rpimpi/mpi-install/bin

    (Add the MPI to the BASHRC boot file )

  • sudo reboot (Reboot the device)
  • mkdir mpi-testing ( Create this directory to test that MPI is working for a single node )
  • cd ~ ( Change directory and Go to /home)
  • cd mpi-testing ( open this directory )
  • ifconfig ( Your IP will be like : 192.168.1.* )
  • nano machinefile ( Add your IP to it : 192.168.1.* ) ( Edit machinefile)
  • mpiexec -f machinefile -n 1 hostname ( Test of MPI)

If the console displayed raspberry pithe MPI is working.

Install and Configure MPI4PY :

We installed gfortran a C compiler, and we know that Raspberry Pi is a python coding environment, so we should install MPI4PY package to compile *.py files. You can follow these steps to install and configure MPI4PY :

(Download MPI4PY package)

  • tar -zxf mpi4py-1.3.1 ( Decompress MPI4PY package )
  • cd mpi4py-1.3.1 ( Open mpi4py-1.3.1 folder )
  • python setup.py build ( Build the setup.py file )
  • python setup.py install ( Execute the setup.py file)
  • export PYTHONPATH=/home/pi/mpi4py-1.3.1 ( Make PYTHONPATH variable )
  • mpiexec -n 5 python demo/helloworld.py ( Test if MPI works for Python )

Install and Configure Raspbian OS on the other boards :

After finishing this procedure, we will have another image of the Raspbian OS which is configured to be able to use it in the other boards ( Its size is greater than the original image). So we will clone this image to all the other MicroSD cards ( Pi02,P03,Pi04,….,Pi08).

We will use the same method for all the boards. First, you should turn off the MicroSD card from the first Raspberry Pi by taping:

  • sudo poweroff

Then, connect the other MicroSD card (Pi02) in your laptop, and burn the new Raspbian image in it using Win32-Disk Imager (like in the previous steps), and repeat that for all of the MicroSD card (Pi03, Pi04… Pi08). After that, you should install nmap to control your network by typing in the terminal:

  • sudo apt-get update
  • sudo apt-get install nmap

Before we continue, you should connect all the boards to the router and the power, and insert the MicroSD cards in each one. In order to configure the network status of each Raspberry Pi, you should determine your internal IP by typing:

  • ifconfig
  • sudo nmap -sn 192.168.1.* (Scan subnet for the boards on the network)

We should first connect to all the boards with ssh protocol and do the same configuration listed in chapter 1.2 (The Raspberry Configuration Screen) and change the hostname to Pi0* (the appropriate value) using these commands.

You will configure all these Raspberry Pi’s from Pi01.

  • Pi02
    • ssh pi@192.168.1.3
    • sudo raspi-config
  • Pi03
    • ssh pi@192.168.1.4
    • sudo raspi-config
  • Pi04
    • ssh pi@192.168.1.5
    • sudo raspi-config
  • Pi05
    • ssh pi@192.168.1.6
    • sudo raspi-config
  • Pi06
    • ssh pi@192.168.1.7
    • sudo raspi-config
  • Pi07
    • ssh pi@192.168.1.8
    • sudo raspi-config
  • Pi08
    • ssh pi@192.168.1.9
    • sudo raspi-config
  • mpiexec -n 1 hostname (Run the test file)
  • mkdir mpi_test ( Create a test directory)
  • cd mpi_test (Open the test directory)
  • nano machinefile ( Create the machinefile file to allow to the MPI to read them)
    • 192.168.1.2 (Pi01)
    • 192.168.1.3 (Pi02)
    • 192.168.1.4 (Pi03)
    • 192.168.1.5 (Pi04)
    • 192.168.1.6 (Pi05)
    • 192.168.1.7 (Pi06)
    • 192.168.1.8 (Pi07)
    • 192.168.1.9 (Pi08)
  • mpiexec -f machinefile -n 8 hostname (To test that everything is working)

Unfortunately, you will see that only Pi01 works because we don’t have the permissions to write and read the other boards. In order to solve this problem, we should create authentication keys by following the commands below.

  • This step will allow you to add the public-private keys to the boards :
    • PI01
      • ssh-keygen (Generate a new key and save it in /home/pi/.ssh/id_rsa without PASSWORD)
      • cd ~
      • cd .ssh (Open .ssh directory)
      • cp id_rsa.pub pi01 (Copy the key to a new file called pi01)
      • ssh pi@192.168.1.3 (Connect to Pi02 and do the same thing by following the commands below)
    • PI02
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi02
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.4
    • PI03
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi03
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.5
    • PI04
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi04
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.6
    • PI05
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi05
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.7
    • PI06
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi06
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.8
    • PI07
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi07
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
      • ssh pi@192.168.1.9
    • PI08
      • ssh-keygen
      • cd .ssh
      • cp id_rsa.pub pi08
      • scp 192.168.1.2:/home/pi/.ssh/pi01 .
      • cat pi01 >> authorized_keys
      • exit
    • We are in PI01: Add the other boards to the authorized_keys list :
      • scp 192.168.1.3:/home/pi/.ssh/pi02
      • cat pi02 >> authorized_keys
      • scp 192.168.1.4:/home/pi/.ssh/pi03
      • cat pi03 >> authorized_keys
      • scp 192.168.1.5:/home/pi/.ssh/pi04
      • cat pi04 >> authorized_keys
      • scp 192.168.1.6:/home/pi/.ssh/pi05
      • cat pi05 >> authorized_keys
      • scp 192.168.1.7:/home/pi/.ssh/pi06
      • cat pi06 >> authorized_keys
      • scp 192.168.1.8:/home/pi/.ssh/pi07
        cat pi07 >> authorized_keys
      • scp 192.168.1.9:/home/pi/.ssh/pi08
      • cat pi08 >> authorized_keys

Configure your File Sharing Cloud Server :

Download the needed packages :

After we built our server, we will work on Pi01 because it controls all the other boards. First, we should give it a static internal IP. (As mentioned before, the IP of Pi01 is: 192.168.1.2 )

Follow these directions to give it a static IP :

  • sudo nano /etc/network/interfaces (Edit the interfaces file)

Figure 2 /etc/network/interfaces file

Then, save, exit the file and restart the networking to apply the new configurations.

  • sudo /etc/init.d/networking restart

After that, we check that our OS is updated.

  • sudo apt-get update

After we finish these steps, we will install :

  • Apache with SSL ( To make our server a web server and secure the file transfering by SSL Certificate. The URL of our server will be : https://192.168.1.2/ )
  • PHP5 ( To configure our server to read and host .php file )
  • PHP5 APC ( To increase to speed of the page loading )
  • sudo apt-get install apache2 php5 php5-json php5-gd php5-sqlite curl libcurl3 libcurl4-openssl-dev php5-curl php5-gd php5-cgi php-pear php5-dev build-essential libpcre3-dev php5 libapache2-mod-php5 php-apc gparted

Configure the downloaded packages :

Configure the PHP5 APC :

First, we should install the apc package:

  • sudo pecl install apc
  • sudo nano /etc/php5/cgi/conf.d/apc.ini (Edit the apc.ini file)

Add these lines to the apc.ini file and save it:

extension=apc.so

apc.enabled=1

apc.shm_size=30

Configure the APACHE2 and OPENSSL :

In order to configure the apache, you should first edit the file php.ini.

  • sudo nano /etc/php5/apache2/php.ini

First, try to find upload_max_filesize and post_max_size . Then, change the value to 1024MB to allow the user to upload a file which size is 1GB.

Second, try to find externsion= and put the value to acp.so ( externsion=acp.so ).Save the file and exit.

  • sudo nano /etc/apache2/sites-enabled/000-default

When this file is opened, we need to change allow over ride to all from none.

  • sudo a2enmod rewrite
  • sudo a2enmod headers
  • sudo openssl genrsa -des3 -out server.key 1024; sudo openssl rsa -in server.key -out server.key.insecure;sudo openssl req -new -key server.key -out server.csr;sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt;sudo cp server.crt /etc/ssl/certs;sudo cp server.key /etc/ssl/private;sudo a2enmod ssl;sudo a2ensite default-ssl

( Configure OPENSSL )

  • sudo service apache2 restart ( Restart apache to apply these configurations)

The importance of OPENSSL is that he protect the user from Man in the Middle attacks which allow the attacker to steal the user’s personal data such as the email, password and transferred image in the network by encrypting the ingoing and outgoing connections ( See Figure 3 below ).

Figure 3 Man in the Middle Attacks

Configure the OwnCloud Script :

OwnCloud is an open source web-based script which allows to users to store and share their files between them in the cloud. The important thing about OwnCloud is that it support all devices (as you can see in Figure 4).

Figure 4 How OwnCloud Works

In order to install this script in our server, we should first download its package.

  • wget http://mirrors.owncloud.org/releases/owncloud-4.5.1.tar.bz2
  • sudo tar -xjf owncloud-4.5.1.tar.bz2 (Decompress the package)
  • sudo cp -r owncloud /var/www (Copy the directory to the web root)
  • sudo chown -R www-data:www-data /var/www/owncloud/ (Give the webserver permissions to access to OwnCloud directory)
  • sudo nano /var/www/owncloud/.htaccess (Edit the .htaccess file // Do the same thing of php.ini file change the size of upload to 1024MB)

Then, go to your browser and type
https://YOURIPADDRESS/owncloud(For us the IP is : 192.168.1.2)

You will be redirected to the setup main page.

Enter The Admin Username
Enter the Admin Password
Specify the OwnCloud directory location
Select the database system ( In our case SQLite )

As you see in the figure 5 below :

Figure 5 The Configuration Interface of OwnCloud

Conclusion :

To sum up, this cloud was made by a combination of 8 single-computer boards and a file sharing script. As you can see, if we use the Open Hardware Technology well, we can do creative projects at minimum costs. As a result, we made together a simple cloud server that will help companies employers with sharing their files without any risk with :

8 x Raspberry Pi 2 (8 x 35$ = $280)
1 x Switches 8 Ethernet Ports ($25)
2 x USB 2.0 Hubs (2 x 4 Ports) ($10$
8 x SD Cards (8 x 64GB) (8 x $25 = $200)
8 x Power cables (Micro USB) ( Included in Raspberry Pi package )
9 x Networking Cables (Included in Raspberry Pi Package + 1 cable we buy it with $1 )

Total: 280+25+10+200+1 = $516

However, the webservers’ price is: +$2000

References