Thoughts of a technocrat as letter sequences: IT, technology, Greek politics, system administration, Linux, information security<br />
Author: kompioyteras<br />
Infosec security considerations for the Norwegian smittestopp covid19 tracking application (published 2020-04-20)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
Norway has employed contact tracing as one of the measures in the fight against the Covid19 pandemic with its <a href="https://www.simula.no/news/digital-contact-tracing-qa" target="_blank">"Smittestopp" application</a>. That application was hailed as safe to use and was even recommended by the Norwegian prime minister, who <a href="https://www.tv2.no/a/11380967/" target="_blank">prompted the public to download and use the app (link in Norwegian)</a>. While urgent situations require urgent measures and I personally consider the app a step in the right direction, there are serious technical/information security objections to the way Norway has implemented it. Some of them concern the structure of tracing applications in general, whereas others are specific to how the Simula Lab and FHI have chosen to roll it out. I offer these opinions as an active infosec researcher and IT practitioner. I am employed by the University of Oslo and I consult for a private cybersecurity firm, but I declare openly that I have no conflict of interest with the authors of the "Smittestopp" app, nor do I express in this article the views of the University of Oslo or Steelcyber Scientific. Opinions are my own. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is my assertion that people should think twice before downloading and using the "Smittestopp" application in its current form/implementation. This is especially true for people that use older Android (versions 8 and 9) mobile devices, as well as older versions of iPhones AND perform important (business critical) functions with them: e-banking, logging in to sensitive systems, etc. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
Before I list the technical objections in support of my assertion, it's useful for the reader to read <a href="https://techcrunch.com/2020/04/18/what-is-contract-tracing/" target="_blank">excellent general references on how contact tracing works in principle</a>. The Norwegian implementation follows the same principle, yet with distinct choices that really degrade the quality of the solution. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
My first objection has to do with the <u><b>accuracy</b></u> of Bluetooth to estimate the proximity of other devices. This is not only a problem in the Norwegian implementation but a global issue. In particular, the Bluetooth protocol uses the <a href="https://www.bluetooth.com/blog/proximity-and-rssi/" target="_blank">Received Signal Strength Indicator (RSSI)</a> to measure distance between devices. The principle is that the stronger the signal, the closer the devices are to each other. However, different Bluetooth chipset implementations measure RSSI in slightly different ways. In addition, a particular variant of Bluetooth called <a href="https://en.wikipedia.org/wiki/Bluetooth_Low_Energy#Proximity_sensing" target="_blank">'Bluetooth Low Energy' or 'Bluetooth LE'</a>, which seems to be available in most mobile phones and is used for proximity sensing, is very noisy. Its transmission frequency often interferes with other devices in the 2.4 GHz range, such as older WiFi routers, unshielded USB cables and microwave ovens. The device would do its best to extend the 'beacons' (pulses used to advertise presence and availability) by keeping constant time and regulating the transmission power to overcome other sources of interference. In such a frequency congested environment, a real distance of 1.5 meters could really be estimated as 2.5 meters (false negative), or a real distance of 2.5 meters could be estimated to over 1.5 meters (false positive). The reliability of the collected data will certainly have to be software corrected by unproven heuristics. <a href="https://www.howtogeek.com/403606/bluetooth-5.1-whats-new-and-why-it-matters/" target="_blank">Bluetooth 5.1</a> will improve the data reliability; however, as it came out in the second half of 2019, we will not see it being adopted by mobile phone vendors until sometime in 2020/21. Most devices operate with the noisy and inaccurate Bluetooth LE, as I write this. </div>
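To put numbers on the accuracy argument above, here is an added example (not part of the original post and not code from the Smittestopp app). It assumes the commonly used log-distance path-loss model; the calibration value of -59 dBm at 1 m, the path-loss exponent of 2.0, the 2.0 m contact threshold and the 6 dB noise level are all assumptions chosen for illustration.

```python
"""RSSI-to-distance sensitivity under the log-distance path-loss model.

Everything numeric here is an assumption for illustration, not a value
taken from the article or from any contact tracing app.
"""
import math
import random

MEASURED_POWER_DBM = -59.0   # assumed RSSI at 1 m (constructed calibration value)
PATH_LOSS_EXPONENT = 2.0     # assumed free-space exponent; real environments differ
CONTACT_THRESHOLD_M = 2.0    # assumed cut-off for counting a "close contact"


def rssi_at(distance_m, n=PATH_LOSS_EXPONENT):
    """Noise-free RSSI (dBm) the model predicts at a given distance."""
    return MEASURED_POWER_DBM - 10.0 * n * math.log10(distance_m)


def estimate_distance(rssi_dbm, n=PATH_LOSS_EXPONENT):
    """Invert the model: distance (m) implied by an observed RSSI."""
    return 10.0 ** ((MEASURED_POWER_DBM - rssi_dbm) / (10.0 * n))


def db_gap(d_near_m, d_far_m, n=PATH_LOSS_EXPONENT):
    """Signal difference (dB) that separates two distances in the model."""
    return 10.0 * n * math.log10(d_far_m / d_near_m)


def misclassification_rate(true_distance_m, sigma_db, trials=20000, seed=1):
    """Fraction of noisy readings that land on the wrong side of the threshold.

    Noise is modelled as zero-mean Gaussian in dB (an assumption standing in
    for chipset differences and 2.4 GHz interference).
    """
    rng = random.Random(seed)  # seeded so the result is reproducible
    truly_close = true_distance_m <= CONTACT_THRESHOLD_M
    wrong = 0
    for _ in range(trials):
        noisy_rssi = rssi_at(true_distance_m) + rng.gauss(0.0, sigma_db)
        estimated_close = estimate_distance(noisy_rssi) <= CONTACT_THRESHOLD_M
        if estimated_close != truly_close:
            wrong += 1
    return wrong / trials


if __name__ == "__main__":
    gap = db_gap(1.5, 2.5)
    print(f"1.5 m and 2.5 m differ by only {gap:.2f} dB of signal strength")
    weakened = rssi_at(1.5) - gap
    print(f"a 1.5 m reading weakened by that much reads as "
          f"{estimate_distance(weakened):.2f} m")
    for true_d in (1.5, 2.5):
        rate = misclassification_rate(true_d, sigma_db=6.0)
        print(f"true distance {true_d} m, 6 dB noise: "
              f"{rate:.0%} of readings misclassified")
```

Under these assumptions the 1.5 m versus 2.5 m cases from the paragraph are separated by less than 5 dB, so ordinary signal fluctuation is enough to move a reading across a contact threshold in either direction.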
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
My second objection is with the <u><b>cyber security aspects of having your Bluetooth LE advertising important device credentials in the open all the time</b></u>, exchanging data, and all this <u><b>in an extended transmission range</b></u>. Amongst the various things advertised in the open by a Covid19 tracking app (the Norwegian "Smittestopp" is no exception) is a unique device identifier (or UUID). The idea here is to be able to identify you to the rest of the devices that are in proximity and have your phone say "Hi, I am here! Are you there?", without revealing your real world identity (name, phone number) to the rest of the mobile phone users. This is an essential aspect of user privacy because the theory says that an adversary can use unique identifiers of your phone (MAC address, IMEI) to get back to you. Your mobile phone provider, for example, logs the IMEI and relates IMEIs to phone numbers. The thing here is that even if the Simula/FHI app authors take all the precautions in the world to make a good, anonymous UUID to broadcast your presence, they cannot control other vulnerabilities that exist in the implementation of the protocol. These vulnerabilities exist for a wide range of mobile phone Bluetooth chipsets and mobile operating systems. Various <a href="https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/" target="_blank">Android Bluetooth</a> and <a href="https://www.cbronline.com/news/apple-cves-google" target="_blank">Apple Bluetooth</a> implementations have been found vulnerable and, historically, the abuse of the Bluetooth protocol in what we call <a href="https://phoenixts.com/blog/hacking-bluetooth-devices-bluebugging-bluesnarfing-bluejacking/" target="_blank">bluejacking/bluesnarfing attacks</a> has caused problems. 
Remember, Bluetooth LE can sometimes transmit up to 100 meters (check the specs of the protocol). It can certainly do that when it regulates transmission power to try and overcome noisy environments. That's music to the ears of an adversary who can exploit these weaknesses to execute arbitrary code on your vulnerable mobile phone. This can seriously jeopardize anonymity and mobile device integrity. <br />
<br />
So far, I hope I have established a good basis that justifies why Bluetooth can provide unreliable data and open the door to attacks, let alone the things it will do to the battery of a mobile phone. This is not specific to the Norwegian implementation of the app. The following paragraphs will elaborate on the objections I have to the peculiar aspects of the Norwegian implementation.<br />
<br />
First of all, I have to pick on the fact that Simula/FHI have cited shortness of time as the reason for not releasing the source code for the purposes of transparency and critical system review. I regret saying that this is shockingly contrary to every good research practice. A public institution/research entity that is funded in general by taxpayers' money (even if not for the purposes of the "Smittestopp" project) should never go down that way. You are asking people to trust you with their personal data. We (experts and practitioners) have no way to see critical issues such as how you generate the UUID and what exactly you are doing to handle the Bluetooth inaccuracies. I will also need to criticize their <a href="https://www.simula.no/news/digital-contact-tracing-qa#What%20about%20other%20solutions" target="_blank">statements that Open Source does not contribute to privacy.</a> The issue here is not to contest whether closed source or open source is more suitable to safeguard privacy. We can easily refute their arguments by stating that the Linux kernel, whose source code is open at large, is used by mission/life critical systems successfully. The issue is how one can enable a process for a suitable number of experts to comment on and improve the system. I have no doubt that Simula and FHI have capable people. I doubt that they and the (IMHO) <a href="https://www.regjeringen.no/no/aktuelt/ekspertgruppe/id2697068/" target="_blank">intransparently appointed panel of external experts</a> have enough expertise to secure systems whose scope and scale are similar to the needs of the task in such a short time. Have these people approved the app as safe and reliable and if yes, how did they miss issues pointed out here <a href="https://www.nrk.no/norge/hundrevis-av-it-eksperter-fra-hele-verden-ut-mot-sporingsapper-som-norske-smittestopp-1.14988352" target="_blank">as well as many other ones</a>?<br />
<br />
Finally, the transparency and expert review measures do not concern only the source code but the entire infrastructure including central storage/processing activities. We are assured that all relevant measures have been taken to safeguard the data, yet no standards that these procedures/infrastructure adhere to are mentioned. I wonder why.<br />
<br /></div>
</div>
Steps to increase your online/Internet usage efficiency during the coronavirus outbreak (published 2020-03-19)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
The
world is in the process of adapting to remote work/home office
solutions. This is something that is going to last throughout the
coronavirus outbreak and is a practice/paradigm that is going to remain
long after the world tackles the covid19 pandemic. The world wide
telecommunications infrastructure is as critical as the health system
facilities and the transportation/supply chain. We need to keep the
world going and if we are not coordinated and able to
communicate/exchange information, this is not going to be good for us. </div>
<br />
<div style="text-align: justify;">
As
the world is correctly trying to flatten the curve of the covid19 cases
to ease the burden on national/regional health systems, it also needs to
flatten the load on the telecommunications infrastructure for the same
reasons. Regional, national and international data networks are already
facing traffic capacity problems. This is because a large number of the
wired and wireless services (Mobile telephony, home broadband services)
operate on a <a href="https://en.wikipedia.org/wiki/Contention_ratio" target="_blank">contention ratio principle</a>.
In simple terms, if we have for example 10000 users in an
infrastructure, the data networks are designed to serve only 1000 of
them simultaneously. The 1001st simultaneous user would either
experience a loss of service or degraded service quality (slow, poorly
functioning connections). While the contention ratio principle is not
directly applicable to more modern networks (say Fiber to
Home/Premises), it applies to a large part of the world, where
copper/telephone wire is still the medium for offering broadband services
(ADSL/ADSL+). Consequently, even if you are in a country that has
very good capacity on broadband networks and telephony (South
Korea, Japan, Scandinavian countries), your online actions still impact
the infrastructure of countries that are less well equipped
(sadly most other countries, including Europe, the US,
Africa, India, China). </div>
<br />
<div style="text-align: justify;">
If
these problems increase and outpace the efforts of Internet Service and
Telecommunication providers to gradually increase (where possible) the
capacity, ISPs will start rationing/prioritizing the traffic and this will
impact everyone in a negative way. As a network and devops engineer, I
already see this problem and I would like to suggest simple steps that
will make a big impact on traffic numbers and will help everyone.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>1. Avoid sending/forwarding those long 'funny' viral videos on social media/WhatsApp/Viber chat:</b>
If you are at home on an ADSL connection which is asymmetric, or on a
mobile data plan in a densely populated area, you are using scarce
valuable capacity (and possibly money, eating up your account credit).
Is it really important that you send the video? Can you just send a text
describing the situation or even a voice call, when you check on your
folks/friends instead and talk about it? That might be preferable.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2. Use video calls only when absolutely necessary</b>:
That might sound harsh right now, when most of us are shut in at home
and we need human contact. If for example, you are a psychologist and
you need visual on your patient, do use it by all means. However, if you
want to call someone for a practical issue (shopping, arrange
something) do you really have to video call? If something is short,
practical and can be done by voice, please think before pressing the
Video call button. Choose the voice only option instead. This is
especially true for work online meetings with a large number of
participants. If you only need to listen and watch a screencast from the
presenter in an online meeting, why do you really need your camera on?</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>3. Please throttle down your torrent/P2P traffic</b>:
If you share large files via torrent from home/work connections,
consider throttling down (limiting) the traffic both in terms of speed
and number of torrent connections. Most P2P torrent applications allow
you to do that. I know it is tempting to use the capacity of a good
fiber connection with your hard earned money. However, be considerate to
others and use the capacity you have in a responsible manner. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4. Use Netflix/YouTube and other content streaming providers responsibly</b>:
Watching a movie/listening to music is an important human need for
entertainment. However, consider doing it in the following manner:</div>
<ul style="text-align: left;">
<li>Try not to segregate your movie choices (your partner watches one,
your kids another and you on your own, just because you have your own
device). It's good for the parents from time to time to watch kids
movies. Try to find content that you can watch all together from one
device. Streaming services account for a very large amount of the
world-wide Internet traffic. Reducing that in a responsible manner will
free up network capacity and reduce server energy bills (yes, believe it or
not, the energy consumption is a fact, backend servers do consume a lot
of electricity).</li>
</ul>
<ul style="text-align: left;">
<li>If you find that you keep watching the same videos (music, other) from YouTube again and again, do consider using <a href="https://www.techradar.com/news/the-best-free-youtube-downloader" target="_blank">tools to download them and keep playing them from your local hard drive whenever you want offline</a>.
There might be of course legal issues with doing this. However, as long
as you do not use your local playing for profit (unlikely that you are
going to have a gig in your home for money), you should be OK. Doing
that in times like this means you are a responsible person and not
someone that violates copyright or tries to rob YouTube of advertisement
revenue. This is my own opinion of course. </li>
</ul>
<ul style="text-align: left;">
<li>Please do not stream movies while you are not watching them. </li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>5. Please avoid queuing on call center telephone lines when possible</b>:
How many times have you been annoyed listening to that 'elevator' music
while waiting to get in touch with the service desk and you have
listened to the 'Your call is important for us, all of our reps are
busy, please wait while we try to help you' kind of message? Well, many
call centers do offer the option of calling you back at the earliest
opportunity. If they do, please exercise that option, rather than
keeping the phone connection playing this for an hour. You are doing
yourself and the phone infrastructure a favor. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>6. Use data compression to keep the size of your files down before sending/downloading them, improve network response times</b> <b>and (please) do <u>not</u> attach them to emails</b>: </div>
<ul style="text-align: left;">
<li>Compression is not applicable for photos/images and videos and music
files as these might already be compressed or may not be compressible.
However, if you have plenty of large text documents (Word, Power Point,
Spreadsheets, PDF documents, programming language source code) that you
need to send/download from work, consider using <a href="https://fossbytes.com/best-file-compression-software/" target="_blank">compression tools like these</a>
to reduce their size before a transfer. This will reduce both the
burden on communication networks and the transfer time. </li>
<li>For the most advanced users, compression is a technology that is
used to improve interactive response on latency sensitive traffic. A
great example of this is the <a href="https://www.gidblog.com/enable-compression-for-ssh/" target="_blank">SSH compression option</a>. When this is used in conjunction with <a href="https://stackoverflow.com/questions/12977879/ssh-compression-for-x11-forwarding" target="_blank">X forwarding</a>
to gain access to remote desktop environments, it improves both
bandwidth consumption as well as the response time of remote desktop
environments. </li>
<li>Finally, whether your files are compressed or uncompressed, and even if they are within the
few megabytes size limit that mail servers accept, please avoid
attaching large files to emails. This overloads mail servers and, as
email is critical for many business functions, I recommend using
specific file sharing services instead of email attachments. Examples of
services that offer file sharing functionality are given <a href="https://www.computerworld.com/article/3262636/top-10-file-sharing-options-dropbox-box-google-drive-onedrive-and-more.html" target="_blank">here</a>. </li>
</ul>
<div>
<div style="text-align: justify;">
Stay safe and use the Internet efficiently and in a responsible manner!</div>
<div style="text-align: justify;">
<br /></div>
</div>
</div>
First sysadmin/devops impression on RHEL 8 (article 1 -- initial impressions and installation overview) (published 2018-12-02)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
If you are a Linux techie and fan of the RedHat ecosystem, you might have received word that <a href="https://www.redhat.com/en/blog/powering-its-future-while-preserving-present-introducing-red-hat-enterprise-linux-8-beta" target="_blank">the beta version of RHEL 8</a> is out. Years ago, I did a popular <a href="http://epistolatory.blogspot.com/2014/07/first-sysadmin-impressions-on-rhel-7.html" target="_blank">cover story for RHEL 7</a>. It seems natural that I should continue the tradition and do the same with RHEL 8, even as it is still being polished. Chances are that by the time the final GA/production release is out, certain performance and versioning bits might be slightly different, so you are warned that this blog post will change, to reflect the expected changes.<br />
<br />
Let's start with a visual which is really the first thing you are going to see if you start the graphical target, which RedHat now calls the 'Workstation' environment group (more on that later, when I describe the installation bits). I bet it will look familiar to you (excluding the wallpaper) especially if you are a Fedora 28/29 user.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBMIrZ1u2EsNaUO5-zLOW502LVqR_BAs2HoTF1GCnv9wRysiPJcbey56NsyO625MSxp4MfcYDCwRuAfVsn3s6IpfcTCFnB4wWgmzCqyUz0BA9kU4BuRx1iR_BRmW-mQvK64AiNAKn1Ni3M/s1600/RHEL8visual.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1030" data-original-width="1279" height="515" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBMIrZ1u2EsNaUO5-zLOW502LVqR_BAs2HoTF1GCnv9wRysiPJcbey56NsyO625MSxp4MfcYDCwRuAfVsn3s6IpfcTCFnB4wWgmzCqyUz0BA9kU4BuRx1iR_BRmW-mQvK64AiNAKn1Ni3M/s640/RHEL8visual.png" width="640" /></a></div>
<br />
<br />
Yes, it is GNOME 3.28, in particular version 3.28.2, the same as Fedora 28. No surprises there as the Fedora project is used as the testbed for things that will eventually end up in the RHEL release. Wayland is at play by default here, although you can breathe easy, as <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html/8.0_beta_release_notes/new-features#desktop_2" target="_blank">you can keep X.Org with your binary NVIDIA drivers and your multi-GPU setup</a> (that will not work with Wayland, this is not a RHEL 8 thing).<br />
<br />
Other important component versions that mark the RHEL 8 beta release are: <br />
<ul style="text-align: left;">
<li>the Linux 4.18 kernel, <b>4.18.0-32.el8</b> in particular. This is a big and welcome step considering that RHEL 7 is based around the 3.10 kernel, which is really outdated in many respects (the latest at the time of writing was 3.10.0-957.1.3.el7). As I write this, both active Fedora versions (28 and 29) have moved to the 4.19 kernel, but it seems that RHEL 8 has settled on the 4.18 version and is likely to remain with that kernel. This favours system stability and a more conservative environment when it comes to backporting features and fixes (such as the Spectre and Meltdown patches that have substantial negative performance impact on the 4.20 kernel).</li>
<li>The default gcc version is now <b>8.2.1 20180905</b>, in line with the active Fedora distros. Compare that to RHEL 7's 4.8.5 20150623 also showing its date. Just so that I am not misunderstood, if you run RHEL 7, you could install more modern compilers by using the Redhat's software collection repos (rhel-server-rhscl-7-rpms, the devtoolset-6* and devtoolset-7* yum packages). I emphasize the word *default* here, which means what comes with the basic installation and the simplest of entitlements. 4.8.5 is really out of date, it would make sense if Redhat makes an effort to set the default one to 4.9.4 for RHEL 7.</li>
<li>Pythonistas should feel right at home, but they should note that only Python3 is installed by default, version <b>3.6.6</b> in particular. Python developers need to explicitly install the available python2 packages. Python 2.7.15-15 is there, but with limited support. Again, that's not Redhat's decision as <a href="https://pythonclock.org/" target="_blank">Python 2 is reaching EOL by the end of 2019</a>. The sooner you migrate your apps to Python3 the better, with or without RHEL 8. </li>
</ul>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiya8ELHJjQswWveGyUXC9knvangvrf-IGnY8HUJkdX7aG9WQoaeueQp3ESopIBtN6shhqpSZxKuA4lmu2eJpxyZI-DRlpMHB6Nq30ktknV2mPH0hgRahrauVfcSl4LfrP0ov_yZdHmM8I/s1600/rhel8python2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1028" data-original-width="1205" height="544" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiya8ELHJjQswWveGyUXC9knvangvrf-IGnY8HUJkdX7aG9WQoaeueQp3ESopIBtN6shhqpSZxKuA4lmu2eJpxyZI-DRlpMHB6Nq30ktknV2mPH0hgRahrauVfcSl4LfrP0ov_yZdHmM8I/s640/rhel8python2.png" width="640" /></a></div>
<ul style="text-align: left;">
<li>Perl fans should find a system wide version of <b>5.26.2</b> on RHEL 8. In comparison, RHEL 7 has Perl version 5.16.3. IMHO, if you run something production grade with Perl, you should at least be on 5.24.x these days to get the best performance and functionality. </li>
</ul>
<ul style="text-align: left;">
<li>What you used to do with <b>yum</b> can now be done with <b>dnf</b>. That should not be news to you, especially if you have been following the Fedora releases. The introduction of the dnf tool has to do with important changes in the way software packages are tagged, installed and used (keep reading). </li>
</ul>
<br />
A few words about installing RHEL 8 now, as there are some notable changes there. RHEL 8 seems to organize software content by means of using two software repositories:<br />
<ul style="text-align: left;">
<li>The <b>BaseOS</b> repo: This includes RPM based packages for the core functionality of the operating system that can be searched, installed/deployed with dnf in pretty much the same way one used to do it with yum in RHEL 7. </li>
<li>The <b>Appstream</b> repo: This includes utilities to run real world workloads (for example databases, web servers, runtime environments) that can be organized either as RPM packages (like in the BaseOS repo) OR as multi-versioned collections (called streams) organized in modules. Modules are RPM extensions and their streams should allow you to choose among different versions of the package.</li>
</ul>
The concept of <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html/using_application_stream/using-appstream_using-appstream" target="_blank">Application Streaming</a> should give you the ability to have a module (say X) that offers you the Y and Z versions (streams) of a webserver. If Y is the production and Z the development version of that webserver, the Appstream repo should give you the ability to install X:Y on production systems and X:Z on your development cluster, all from one repo with a single command. You cannot install both versions in parallel on a system (unless you run your webservers in containers), but you should be able to install and run a specific version at a time.<br />
<br />
If you are thinking that someone is trying to re-invent the wheel, you are probably right. You could previously achieve the same functionality on RHEL 7 and other platforms with the Software Collections and you could also deploy things like <a href="http://modules.sourceforge.net/" target="_blank">Environment Modules</a> to achieve the same result, albeit at a slightly higher complexity. The idea is to perform everything here from specific repos and via your package manager. Software collections require more repos and they modify your Shell environment in ways that can create complex issues. Well, I am not trying to convince you to use one or the other here. You will be the judge of what works best for you.<br />
<br />
There will be an additional article exploring the issue of Application Streaming. For now, this article will conclude with an overview of the RHEL 8 installation. I am going to outline the steps of installing a Virtual Machine hosted guest instance. My host operating system is Fedora 28 with its stock KVM/QEMU components. I dedicated 4 vCPUs, 4 Gigs of RAM, a functioning NAT enabled virtual NIC (to ensure that I can reach Redhat's subscription management infrastructure) and about 20 Gigs of a VirtIO disk for my qcow2 image.<br />
<br />
There are many ways to install a RHEL 8 instance and you should start with <a href="https://access.redhat.com/products/red-hat-enterprise-linux/beta" target="_blank">Redhat's Customer portal</a>. The one I describe here is the Anaconda graphical installer from the Binary DVD images. You will need an account and an active subscription (that you can obtain by request if you have a portal account). This will enable you to download the beta test distro in a number of ways, as shown below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9XTqWL-sl28Qr7k6NE2EAbZGOKVmg6MaYTALah01WcYuOuO4KVs3b7xsWQiX_nffKYQBb9-6rgsZFjAs9PpK7CgGhClGjC1wSy7bwoKw0OIdRCMgCdS5ZNwD0mPg9nQSS4z4YiX9bZzan/s1600/rhportal1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="938" data-original-width="1215" height="492" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9XTqWL-sl28Qr7k6NE2EAbZGOKVmg6MaYTALah01WcYuOuO4KVs3b7xsWQiX_nffKYQBb9-6rgsZFjAs9PpK7CgGhClGjC1wSy7bwoKw0OIdRCMgCdS5ZNwD0mPg9nQSS4z4YiX9bZzan/s640/rhportal1.png" width="640" /></a></div>
<br />
<div>
<br />
I chose to download the 8.0 Beta Binary DVD, although the KVM Guest Image would have worked equally well (I wanted a complete set on a DVD image).<br />
<br />
After verifying the SHA-256 checksum, I immediately proceeded to install my guest image and was greeted by the first installation screen, choosing the installation language. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2L1sgxrnqFOLjCfwjeCq0d-SNz04lc-RbSnZkqTm2KoSLpYdTs5FeRgRPNOMjeBh40rTp22X-2Gz9DHKyAfQh8YUs-uECSrlwntmbP6q5bvh6xkkjaza5XTENsBX3qJWagGu-2uArJVqf/s1600/rhel8beta1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="770" data-original-width="1032" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2L1sgxrnqFOLjCfwjeCq0d-SNz04lc-RbSnZkqTm2KoSLpYdTs5FeRgRPNOMjeBh40rTp22X-2Gz9DHKyAfQh8YUs-uECSrlwntmbP6q5bvh6xkkjaza5XTENsBX3qJWagGu-2uArJVqf/s640/rhel8beta1.png" width="640" /></a></div>
<br />
<div>
<div>
The main 'installation summary' screen feels very familiar to those of you that have recently installed a Fedora distro, although a couple options ('SECURITY POLICY' and 'System Purpose') seem new.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi01YLNSIMnhKGuNs4-c5jBk8ReII7q7eIabjaI_bKXvIKOrD6vI2Yl-zF9LLNwLSStnrGF9Tw2OG6xUXm8Tbu7IqfczC8Ao_sWVM_C-vgcwhP1vyAUrUOdvpX3MfArtJd9d55LVYpLufsG/s1600/rhel8beta2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="767" data-original-width="1026" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi01YLNSIMnhKGuNs4-c5jBk8ReII7q7eIabjaI_bKXvIKOrD6vI2Yl-zF9LLNwLSStnrGF9Tw2OG6xUXm8Tbu7IqfczC8Ao_sWVM_C-vgcwhP1vyAUrUOdvpX3MfArtJd9d55LVYpLufsG/s640/rhel8beta2.png" width="640" /></a></div>
<br />
The next step was to choose and test my keyboard layouts. I chose Nordic (Norwegian), English and Greek keyboards and they seem to work OK.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeXZNT7wiO4d3wNFdIl3-PmzjLhM9s45T9siq4kCP14SBzuD7DdzwieBlHvM0TjEYt4QF0H9qU03BU5gjM4mnpDRLjqvsq9j1queDcZIHI0zZkauCJXF9kT4f2K-huq86z5pk_DTmTfioF/s1600/rhel8beta4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="769" data-original-width="1031" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeXZNT7wiO4d3wNFdIl3-PmzjLhM9s45T9siq4kCP14SBzuD7DdzwieBlHvM0TjEYt4QF0H9qU03BU5gjM4mnpDRLjqvsq9j1queDcZIHI0zZkauCJXF9kT4f2K-huq86z5pk_DTmTfioF/s640/rhel8beta4.png" width="640" /></a></div>
<br />
I *would* suggest that you choose to set your 'Time & Date' settings next, but this is not a good idea. This is additional feedback I would like to pass on to the Red Hat team. You see, if you go to the 'Time & Date' settings, choose your time zone and attempt to turn on the Network Time Protocol (NTP) by clicking on the ON/OFF 'Network Time' button, the button will refuse to stay in the 'ON' state.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsGUjdrTIFZbxSf4xaGqD5f3HOSECZttMwiP650gdpzDmoQ11xiptCcsF8KDS4_oZVpPUxAd24yKdw6SlYetn19QrLQH9NGlyEKn-eVppPe0jt_f441xWDRw2N4mWr9n9OUdiUviNywHgb/s1600/rhel8beta5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="765" data-original-width="1030" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsGUjdrTIFZbxSf4xaGqD5f3HOSECZttMwiP650gdpzDmoQ11xiptCcsF8KDS4_oZVpPUxAd24yKdw6SlYetn19QrLQH9NGlyEKn-eVppPe0jt_f441xWDRw2N4mWr9n9OUdiUviNywHgb/s640/rhel8beta5.png" width="640" /></a></div>
<br />
The seasoned sysadmin/developer might figure out that this is because the NTP server was not reachable: although I had a perfectly ready virtual NIC standing by, it was not enabled by default. The correct order is thus to jump first to the 'Network & Host Name' settings, enable the NIC and ensure you are online.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibUxpVTwozrW1kteNriLEUlPeq5BLuRh8AMkZ93UbrsQ-zhDqJF5fCmi7Cia4l4VwxWDoPwaSYc7S_gMOcNSTSt-_nScNrjksg42DCltkx2vpVa8mCfsuw1LmKU9P7rMF_f6KEty9Pp5tY/s1600/rhel8beta6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="772" data-original-width="1023" height="482" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibUxpVTwozrW1kteNriLEUlPeq5BLuRh8AMkZ93UbrsQ-zhDqJF5fCmi7Cia4l4VwxWDoPwaSYc7S_gMOcNSTSt-_nScNrjksg42DCltkx2vpVa8mCfsuw1LmKU9P7rMF_f6KEty9Pp5tY/s640/rhel8beta6.png" width="640" /></a></div>
<br />
I can now navigate back to the 'Time & Date' settings and verify that NTP is on ('Network Time' button is set to 'ON'). Timing is important. I feel that turning the configured NIC on by default OR alternatively displaying some kind of error message (like 'Cannot turn Network Time on because your NIC is inactive') when the NIC is turned off would result in a smoother user experience for an Enterprise Operating System. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxY7I9N3MDZevUdbQoTkdG-9kucSFwG-9adZMYaAgR3HS7sxcy1ISLz5aask1OQtAuYBi7uZmAno6xvUwTNJhelpHO_pfn2RV7iZA5ELVtuuyxN60bMmeXs7xzcL08dDXreeTL2cuejYbO/s1600/rhel8beta7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="764" data-original-width="1027" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxY7I9N3MDZevUdbQoTkdG-9kucSFwG-9adZMYaAgR3HS7sxcy1ISLz5aask1OQtAuYBi7uZmAno6xvUwTNJhelpHO_pfn2RV7iZA5ELVtuuyxN60bMmeXs7xzcL08dDXreeTL2cuejYbO/s640/rhel8beta7.png" width="640" /></a></div>
<br />
Moving on to the next item of interest, the 'Software Selection' settings allow you to customize what will be installed (you can always modify this post installation). The distinction between 'Server' and 'Workstation' on the Base Environment is not new. If you want something customized to combine aspects of both, your mileage may vary. I would choose either 'Server' if you do not want a graphical environment or the 'Workstation' option (this was my choice for the demo I describe here) for a GNOME graphical environment. As explained, you can always add/remove stuff after the initial installation. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiytzjf9L0oQouTym5QoyIbo91_VeInnMf_IVyYLpa_xSz9X0ubqFmaEDEltllUfKBi6NsDoWLkZsyjGBafSEcZMFlHy9UET6x-_jozJRCCN3W5OPPO4YZikNIVO_Ob7AMx6dCKvUOZi1Dn/s1600/rhel8beta8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="770" data-original-width="1026" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiytzjf9L0oQouTym5QoyIbo91_VeInnMf_IVyYLpa_xSz9X0ubqFmaEDEltllUfKBi6NsDoWLkZsyjGBafSEcZMFlHy9UET6x-_jozJRCCN3W5OPPO4YZikNIVO_Ob7AMx6dCKvUOZi1Dn/s640/rhel8beta8.png" width="640" /></a></div>
<br />
The 'Installation Destination' setting offers no surprise. Here, you can choose your installation drive and possibly encrypt your partitions. Nothing new here.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh28tsQ-rO8RfkB5ZtwEUiMFs4X2nWbuNuxuqGemfFn3ExR-YnT6JJmWHOmyke6TAW3Qbgb8hqBqg71C5_8FlNPfLahx8TmtRTRK0Ne7cCNe20eyEDGYDHtgdpR9VXN5Z2DjaGuADJ7Uomq/s1600/rhel8beta9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="765" data-original-width="1024" height="478" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh28tsQ-rO8RfkB5ZtwEUiMFs4X2nWbuNuxuqGemfFn3ExR-YnT6JJmWHOmyke6TAW3Qbgb8hqBqg71C5_8FlNPfLahx8TmtRTRK0Ne7cCNe20eyEDGYDHtgdpR9VXN5Z2DjaGuADJ7Uomq/s640/rhel8beta9.png" width="640" /></a></div>
<br />
What's new in RHEL 8 are the following two settings screens. In the 'SECURITY POLICY' setting, one can choose between two policies to apply to the system. These policies ensure that certain components that have to do with firewalls, audit data and other OS settings are configured in a way that adheres to strict standard rules, to maximize your security. You should always check with your resident Information Security Officer, but as a rule of thumb, if you run the system in a bank or your system is involved in processing Credit Card data, the <a href="https://www.pcisecuritystandards.org/minisite/en/docs/PCI_DSS_v3.pdf" target="_blank">PCI-DSS v3</a> Baseline policy is a good one to choose. Alternatively, you can select the <a href="https://www.ibm.com/support/knowledgecenter/en/SSB27U_7.1.0/com.ibm.zvm.v710.hcps0/hcps009.htm" target="_blank">OSPP protection profile for general purpose OSes</a>.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5tEnJU5b9CPZMrM4xY_sZCwRQaYUhvRR4ZF8yhA01jFAcSiTBTcDnxd9LbRtu_xAZfRrZEeibeJ_d2lCkUYfW8rbvdGe930h8gY6E_QI1EcIqlPcrJWmmDNDym9FM6Rd-CAfT3b1W61lR/s1600/rhel8beta11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="764" data-original-width="1025" height="476" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5tEnJU5b9CPZMrM4xY_sZCwRQaYUhvRR4ZF8yhA01jFAcSiTBTcDnxd9LbRtu_xAZfRrZEeibeJ_d2lCkUYfW8rbvdGe930h8gY6E_QI1EcIqlPcrJWmmDNDym9FM6Rd-CAfT3b1W61lR/s640/rhel8beta11.png" width="640" /></a></div>
<br />
Finally, the 'System Purpose' screen lets you categorize the Role, SLA and usage of the system. I am not clear as to how Red Hat will use these settings as part of their Support and system inventory processes; suffice it to say that collecting these data can help them dedicate their resources more efficiently in a support case.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNlJ0UmlH1hJWeFxW6GAf6CdZYSQUZsHHRkXmDeHT9lgDQvuNV3l4jcZG0zzWHVguJiFtsrDjruYB2PL869-jK_4MO0NcQ1CBI5mC3MEOIwvVYy-rxBVYM2QE6y1l88fGzag_2uvYOCbuz/s1600/rhel8beta12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="765" data-original-width="1018" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNlJ0UmlH1hJWeFxW6GAf6CdZYSQUZsHHRkXmDeHT9lgDQvuNV3l4jcZG0zzWHVguJiFtsrDjruYB2PL869-jK_4MO0NcQ1CBI5mC3MEOIwvVYy-rxBVYM2QE6y1l88fGzag_2uvYOCbuz/s640/rhel8beta12.png" width="640" /></a></div>
<br />
Hit the 'Begin Installation' button of the installation summary screen and, while the installer is progressing, you can set the root account password and create a user account. Eventually, when you reboot, you should be able to see the login screen of the graphical target.<br />
<br />
We are not done yet. The system has been installed, but it has not been registered with a subscription. To do that, you will need to obtain root, ensure you have Internet access and then type the following two commands in the shell:<br />
<br />
<b>subscription-manager register --username YOUR_USERNAME --password YOUR_PASSWORD</b><br />
<br />
<b>subscription-manager attach --auto</b><br />
<br />
The first command will register the system to the Red Hat Subscription Management platform (you obviously need to replace <b>YOUR_USERNAME </b>and <b>YOUR_PASSWORD </b>with your own account credentials). The second command will ensure that your system will attach to the beta entitlement. When you are done, here's how it should look on the Subscription Management Portal (uuid, username and Serial Number removed):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNVpHhPE8BPd4zluJwtGt2QP0yCsr1_P1PYk5ETUQgVNHTmP9h4hUDQG5PBPMarzaU4eDIPiMBVVlNZ-3ISEqlfOrPhVPhv7lXFVb19KCCzbM9VHmCoLz_t-Cck0keN1zD1koMEGn7F2FV/s1600/rhel8betaRHSMplatformsnsored.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="763" data-original-width="1197" height="406" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNVpHhPE8BPd4zluJwtGt2QP0yCsr1_P1PYk5ETUQgVNHTmP9h4hUDQG5PBPMarzaU4eDIPiMBVVlNZ-3ISEqlfOrPhVPhv7lXFVb19KCCzbM9VHmCoLz_t-Cck0keN1zD1koMEGn7F2FV/s640/rhel8betaRHSMplatformsnsored.png" width="640" /></a></div>
<br />
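The command form shown above passes the account password as a command-line argument, which leaves it in the shell history. The following is an added example, not part of the original post: `register_with_prompt` omits `--password` so that subscription-manager prompts for it, and `find_inline_passwords` audits a history file for the inline form. The function names and the sample history lines are constructed for illustration.<br />

```bash
#!/usr/bin/env bash
# Added example (not from the original post).

# Register and attach without putting the password in argv: when
# --password is omitted, subscription-manager prompts for it.
register_with_prompt() {
    local user="$1"
    subscription-manager register --username "$user" &&
        subscription-manager attach --auto
}

# Constructed sample of a shell history file (no real credentials).
sample_history() {
    cat <<'EOF'
ls -l /root
subscription-manager register --username alice --password Examp1ePass
subscription-manager attach --auto
subscription-manager register --username alice
sudo subscription-manager register --password='two words' --username bob
subscription-manager register --username carol --password="quoted value" --force
EOF
}

# Print "LINE_NUMBER:command" for each history entry in which
# 'subscription-manager register' carries an inline password.
# The password value is redacted so the report itself is safe to store.
find_inline_passwords() {
    local file="$1"
    grep -nE 'subscription-manager[[:space:]]+register.*--password([[:space:]]+|=)' "$file" |
        sed -E "s/--password([[:space:]]+|=)('[^']*'|\"[^\"]*\"|[^[:space:]]+)/--password <redacted>/g"
}

# Stand-alone demo: run the script with the argument "demo" to audit
# the constructed sample instead of a real history file.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    sample_history > "$tmp"
    find_inline_passwords "$tmp"
    rm -f "$tmp"
fi
```

Any line this reports means the account password was written to disk in clear text; change that password and remove the entry from the history file.<br />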
That's it, the system is now ready for use. Stay tuned for more RHEL 8 tests and analysis! <br />
<br />
<br /></div>
</div>
</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com1tag:blogger.com,1999:blog-2248117304334958898.post-31849135315416294992015-06-20T06:23:00.002-07:002015-06-21T02:38:51.650-07:00Tsipras, the Bolsheviks and the European Union<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMDU9IYlfwbwVsx0YO5P-lhPeeP0P7En4lmgnIw1GMbnjpKTU8p1MjXq9wqZR1Sz5thGjcVtY5OYwVmAIe5HZXLhdi3zaH7dhCgqoVhu4PSrbvmdoTJzqL0S1XARa2TYizrY74TIWnpAvb/s1600/European-governance-47024575.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMDU9IYlfwbwVsx0YO5P-lhPeeP0P7En4lmgnIw1GMbnjpKTU8p1MjXq9wqZR1Sz5thGjcVtY5OYwVmAIe5HZXLhdi3zaH7dhCgqoVhu4PSrbvmdoTJzqL0S1XARa2TYizrY74TIWnpAvb/s400/European-governance-47024575.jpg" width="400" /></a></div>
<br />
Germany will always play a decisive role in Europe, causing disasters and major events. I am not referring to World War II, but to what led to it. History repeats itself, and some events of the past bear a striking resemblance to present-day situations.<br />
<br />
One of these events, which should be on the mind of the Greek Prime Minister as well as of the EU leaders, is the Treaty of Brest-Litovsk of 1918. I am not trying to give the subject a political or partisan tone; everyone knows that the core of SYRIZA consists of far-left elements. I am simply trying to compare two events of great significance and to outline what should be on the minds of the leaders then and now.<br />
<br />
The Treaty of <a href="https://en.wikipedia.org/wiki/Treaty_of_Brest-Litovsk" target="_blank">Brest-Litovsk</a> (link in English) in effect laid the tombstone on Russia's participation in World War I. Lenin and the Bolsheviks agreed with the great powers (Germany, Austria-Hungary, Bulgaria and Turkey) to surrender half of the Russian Imperial territory to Germany. Lenin, of course, did not offer earth and water without a good reason. This move was calculated and allowed him to cling to power and establish revolutionary changes. The Bolsheviks had gained control of the mines and of a large fraction of the fertile land of the Russian territory before proceeding to capitulate.<br />
<br />
There are many similarities with the situation in today's Greece and the EU. The core of SYRIZA talks about rupture and no capitulation. Leon Trotsky said the same; he did not even want to hear Germany's terms. In the end, however, it was he who backed down, and so Lenin capitulated.<br />
<br />
The Bolsheviks were a new, inexperienced force, like SYRIZA. After his effective retreat, Trotsky used the dialogue on the capitulation as a springboard for revolutionary propaganda aimed at the workers, just as Varoufakis talks about a radical change of the austerity model as a precondition for economic growth in Europe (not only in Greece).<br />
<br />
There are, however, also substantial differences between yesterday and today. These differences are of enormous importance in a Europe stigmatized by World War II, a war that began for purely economic reasons and has left its marks to this day in the low-inflation policies, a purely Germanophobic product.<br />
<br />
Greece is not an empire that can offer earth and water to the powerful who lent to it. Also, Tsipras is not Lenin, not only ideologically but also strategically, quite simply because he has not separated the fertile land (productive people) from the barren land (people with ideological fixations on outdated practices) in Greece. To be fair, this separation was not carried out by Tsipras, nor by his predecessors. He is not a revolutionary, because what the core of his party proposes is outdated and not even well defined. He is perhaps the only Greek Prime Minister who is tragically alone, even within his own party. The strength of his persistence stems not from his determination, but from his inability to propose to his own party what he himself thinks is the solution.<br />
<br />
Differences and responsibilities, however, exist not only in Greece, but also in what they call the EU leadership. For although the EU is not asking for half of Greece, it is burying its head in the sand at the level of political strategy, refusing to accept the truth that even the IMF stated clearly. The Greek debt, like the general picture of the debt of the European South, can NOT be dealt with without debt reduction (I justified this <a href="http://epistolatory.blogspot.no/2015/02/why-europe-will-listen-to-greece-and.html" target="_blank">in a previous article of mine here</a>, in English). The logic of setting IMF participation as a condition of financing on the one hand and then not accepting what the IMF itself proposes is, to put it mildly, logically unacceptable. With or without the tragic error of the multipliers which (together with the inertia of Greek governments) intensified the crisis, the IMF at least arrived at a kind of technocratic honesty, in contrast to the German-dominated puritanism that wants countries (not only Greece) that are unable to repay debts of staggering size to remain in the same torment.<br />
<br />
It is also, to put it mildly, unacceptable to close the door on 11 million people, with fiscal discipline through austerity as the only antidote, given that it is in the interest of European taxpayers to get their money back. The technocrats of the two sides disagree about the level of taxes and the equivalent measures that plug holes, but in my opinion they leave an important factor out of their equations. The official figures (which many conceal) show that from 2009 until today more than 498000 people of productive age (26-48 years old) and a high level of education have left Greece for abroad. Spain and Portugal face a similar situation. Is it not logically absurd for someone to argue about the level of taxes and about equivalent measures when the taxpaying fabric of a country is being dismantled? Does it matter how many, or who, are left to pay these taxes? Does Germany really care about getting back the 60 billion Euros it lent, when it knows itself that the majority of Greece's young people have moved permanently to its territory? <br />
<br />
The way out, for me, is simple and has two parts, which have been costed in reports known to both sides:<br />
<br />
-Let the EU set out, in writing and signed, a 50-year horizon with a clear reference to debt relief measures, on the condition that escalating growth is achieved, and with a generous employment package for young people (26-40 years old). If incentives are not given for young people to return to and stay in Greece, any policy of debt reduction/relief will fail. <br />
<br />
-The Greek side, seeing this term on the table, should accept surpluses of 0.75%, with completion of privatizations within 5 years, an increase of the retirement age to 68 years, a reduction of the public sector by 15% and of defence spending by 20%, without tax increases or pension cuts, but with a 7-year wage freeze clause. <br />
<br />
Agreements are made with mutual concessions. The recipes exist; fiscal discipline is not necessarily counterproductive austerity, and growth comes only when new blood returns to and stays in Greece. <br />
<br /></div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-59923893872297719442015-02-01T14:14:00.001-08:002015-02-01T14:46:12.724-08:00Why Europe will listen to Greece and the European South<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="270" src="https://www.youtube.com/embed/AoDKcVgIb_4" width="480"></iframe>
</div>
<br />
As of the 26th of January 2015, Greece has elected a new Government, which seems to strike a chord with the very heart of the European administration. Many were quick to point out that the new Greek Government is an anti-European one and came into power due to the fact that Greeks voted with a sentiment of anger. This may be true for a good portion of its voters, who felt betrayed by the two older traditional political parties (New Democracy and PASOK). However, there is a certain truth behind the reason Greek voters selected SYRIZA and that has nothing to do with sentiments against Europe. It has to do simply with the fact that Europe has mistreated Greece and many Greek people felt abandoned, being unable to make a living and look after their families.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As the Greek Government vows to re-negotiate the Greek debt on a European basis inside Europe, many key European politicians dismiss this need and refuse to listen to the Greek case, despite a wider European sentiment against the European policies that dictate austerity. In this article, I will prove why the reaction of the European administration is the wrong one. I shall present numbers that show why the Greek debt is not the problem of Europe. Europe faces an existential crisis and is currently unable to convince its member states about the sustainability of the collective European debt. Greece has of course been a problematic country, with systemic corruption and tax evasion. However, the worsening of the financial indicators in Greece and other problematic Eurozone members has very little to do with these factors and can be attributed more to the application of widespread austerity practices. These practices deprive the European South of vital abilities to restructure and develop their economies. This situation is not sustainable and its solution is not related to whether Greece remains in or exits the Eurozone. </div>
<br />
For the record, I claim no political affiliation or financial interest in the way I express my opinions. I would like to remain objective, and I welcome your comments.<br />
<br />
<b>The Greek Debt and its comparison to other Eurozone member debts</b><br />
<br />
<div style="text-align: justify;">
The Greek debt is best understood in comparison to other 'problematic' European countries. Throughout the article, I use the term 'problematic' to refer to Eurozone member states that have seen substantial worsening of their financial indicators. This worsening is of course due to the over-application of austerity policies, which had the completely opposite effect to the intended one. I used the Google public data platform to fetch relevant data from Eurostat and the World Bank, in order to make these results easier to verify. </div>
</div>
<br />
<iframe frameborder="0" height="325" marginheight="0" marginwidth="0" scrolling="no" src="https://www.google.no/publicdata/embed?ds=ds22a34krhq5p_&ctype=l&strail=false&bcs=d&nselm=h&met_y=gd_pc_gdp&scale_y=lin&ind_y=false&rdim=country_group&idim=country_group:non-eu&idim=country:el:it:es:pt&ifdim=country_group&tstart=949359600000&tend=1359673200000&hl=en_US&dl=en&ind=false" width="400"></iframe>
<span style="font-size: x-small;"><i><b> </b></i></span><br />
<span style="font-size: small;"><i><b>Graph 1: Government debt as percent of GDP - Source Eurostat</b></i></span><br />
<br />
<div style="text-align: justify;">
Graph 1 shows clearly that Greece has the highest Government debt as percent of GDP. However, Graph 1 also indicates two easily verifiable facts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The first fact is that the problem is worsening not only for Greece, but for all other countries since the beginning of the Eurocrisis (starting from 2008). Despite the austerity measures suggested by the Troika 'experts', Spain, Italy and Portugal see their GDP debt ratios increase consistently and substantially, a sign of their worsening economies. In addition, other members of the Eurozone that are not displayed in Graph 1, have also seen notable increases of the debt/GDP ratio. A few notable examples include Ireland whose ratio jumped from 44.2% in 2008 to 124.2% in 2013 and Belgium that went from 89.2% (2008) to 102.4% in 2013. All of these countries have seen austerity measures decided by the Troika or various national governments imposing a policy dictated by Brussels.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For Greece in particular, one should note two key dates. The year 2001, when Greece started using the Euro and the year 2008, when Greece started entering the spiral of the financial crisis. Systemic corruption and tax evasion in Greece were present before these dates. However, the severe worsening of the financial indicators occurred after the year 2008 and spiraled out of control after the application of the Troika policies. A classic example of the application of too much medicine on a patient that needed it, but not in that quantity.</div>
<br />
<div style="text-align: justify;">
What did the austerity measures do for the national economies of these countries? To answer this question, we have to come to the second fact that reveals the complete picture of what happened to Greece and to some extent the rest of the problematic European economies. Graph 1 displays a clear economic deterioration, but what exactly has caused that deterioration? There are a lot of opinions about the South of Europe tied to stereotypes of lazy people and corrupt politicians. I dismiss these theories, because lazy people exist all over the world. Corruption is systemic in many South European countries. However, corruption itself is not enough to cause this type of economic deterioration. The answer lies in what happened to the GDP of these countries for the same period of time, as displayed in Graph 2 below.</div>
<br />
<iframe frameborder="0" height="325" marginheight="0" marginwidth="0" scrolling="no" src="https://www.google.no/publicdata/embed?ds=d5bncppjof8f9_&ctype=l&strail=false&bcs=d&nselm=h&met_y=ny_gdp_mktp_cd&scale_y=lin&ind_y=false&rdim=region&idim=country:GRC:PRT:IRL:ESP:ITA&ifdim=region&tstart=949359600000&tend=1359673200000&hl=en_US&dl=en&ind=false" width="400"></iframe>
<br />
<span style="font-size: small;"><i><b>Graph 2: GDP reduction for the lossy Eurozone economies - Source World Bank</b></i></span><br />
<br />
<div style="text-align: justify;">
Graph 2 shows the notable GDP reduction in various Eurozone countries. There is an important detail that is not easily shown in Graph 2. Starting in 2008, the Greek GDP went from 350 Billion Euros to 242 Billion Euros in 2013. <b>In five years, 30% of the GDP disappeared from the pockets of the Greek citizens. We have rarely seen such a rapid GDP reduction in global financial history, which displays clearly the weight Greek citizens had to lift on their shoulders, as a result of the austerity.</b> In comparison, Ireland, Portugal, Spain and Italy lost approximately 8%, 10%, 10.4% and 5% of their GDP respectively, during the same period of time. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The ostrich-like attitude of the Troika and Brussels has to do with the fact that everybody is talking about Greece as if it were the largest problem of Europe. I am afraid this is a very flawed attitude. Brussels (and Germany in particular) hide their heads in the sand and avoid seeing the wider picture, which consists of the actual number of Euros owed by each one of these countries. The next graph indicates the actual amount of Euros owed by each of the problem countries, because not everyone can actually appreciate the effect of the GDP debt ratio in a common currency (unless of course you are an economist).</div>
<br />
<iframe frameborder="0" height="325" marginheight="0" marginwidth="0" scrolling="no" src="https://www.google.no/publicdata/embed?ds=ds22a34krhq5p_&ctype=l&strail=false&bcs=d&nselm=h&met_y=gd_mio_eur&scale_y=lin&ind_y=false&rdim=country_group&idim=country:el:it:es:pt&ifdim=country_group&tstart=980982000000&tend=1359673200000&hl=en_US&dl=en&ind=false&icfg" width="400"></iframe>
<br />
<span style="font-size: small;"><i><b>Graph 3: General government debt in Euros - Source Eurostat</b></i></span><br />
<br />
<div style="text-align: justify;">
Graph 3 shows clearly that Greece is not really the factor that could derail the Eurozone train. Italy and Spain owe collectively more than 3 Trillion Euros, a staggering amount of money that cannot be absorbed by any corrective measures. These 3 Trillion Euros exclude the extra 2 Trillion Euros of France, a large part of the European economy that is also starting to become problematic. </div>
<br />
<div style="text-align: justify;">
Let's assume that Europe does not find an agreement with the SYRIZA government and develops the legal/procedural framework to oust Greece from the EU, in order to demonstrate what happens to the bad boys that do not keep their promises. It is true that Europe can today catch the 250 billion Euro bullet owed by Greece. <b>However, Europe will be fooling itself. Because although it may absorb the shock waves of the comparatively small Greek debt, it will not be able to absorb the trillions of Euros owed by the rest of the stagnant national economies of the Eurozone.</b> The reasons are simple and evident.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiER5ljC-DZNIeYNdW-3T0eBJzfcjb-8W8UWIcGPmeC8X8pZlH8EBCFH8dVaOaQczw3b18QpMZl8q7Fb9a6oN17sksRFrg8EKGNpADfWzLhb_MWyBymDQr0bLLWRq_fTVW92YDR_-dJIuNe/s1600/unemploymenteurostat.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiER5ljC-DZNIeYNdW-3T0eBJzfcjb-8W8UWIcGPmeC8X8pZlH8EBCFH8dVaOaQczw3b18QpMZl8q7Fb9a6oN17sksRFrg8EKGNpADfWzLhb_MWyBymDQr0bLLWRq_fTVW92YDR_-dJIuNe/s1600/unemploymenteurostat.png" height="460" width="640" /></a></div>
<div style="text-align: center;">
<span style="font-size: small;"><i><b>Graph 4: Eurozone Unemployment rate - Source Eurostat</b></i></span></div>
<br />
<div style="text-align: justify;">
First of all, despite a buffer of 1.1 Trillion Euros that the ECB can dedicate to kickstart the economies, Europe does not have policies, mechanisms and a clear plan to make that kind of money work, because the North and South are divided in theory, practice and culture. For more than seven years now, Eurozone officials have failed to tackle vital issues such as unemployment (Graph 4), which is more evident in the European South. The lack of developmental capital and vision to help the South retain young people in Greece, Spain, Italy and Portugal has led to massive migration of the productive workforce to Germany, the UK, Scandinavia and even outside the European continent. How these countries can build a tax base to fund functioning states is a good question. As far as I know, nobody has built successful tax systems out of pensioners, students and people who have partial or no employment at all. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As the elections in Spain are nearing and the size of the Spanish debt is much higher than the Greek one, I am sure that these data can convince even the greatest hardliners in Europe to listen to the Greek case. I am certain that the voice of reason in Europe will win. Greece, even battered, will eventually exist with or without the Euro (my preference is within the Euro). I am not sure that the Euro will exist without a change of policy. Greek citizens have already lost a lot (some have nothing to lose any more) and Europe should listen very carefully this time.</div>
<div style="text-align: justify;">
<br /></div>
<br /></div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-595803031323264382014-07-01T11:51:00.002-07:002014-07-24T04:44:33.451-07:00First sysadmin impressions on RHEL 7<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPswyMFy3i3q_B6SO31bCHyPf5oM70LtNFB1qeeXvXBgOlsFLEhOpimbh8tTrW5Hc5o5y7w_RpF_jnDStPZ39KrjQh1hOpC8qmfkTnAjNF_GcaF1UkOvVrPknqzuQGIDeAySk0uegzZ2L_/s1600/rhel7e.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPswyMFy3i3q_B6SO31bCHyPf5oM70LtNFB1qeeXvXBgOlsFLEhOpimbh8tTrW5Hc5o5y7w_RpF_jnDStPZ39KrjQh1hOpC8qmfkTnAjNF_GcaF1UkOvVrPknqzuQGIDeAySk0uegzZ2L_/s1600/rhel7e.jpeg" height="480" width="640" /></a></div>
<br />
The 10th of June 2014 was a special day for the Linux world, as Red Hat <a href="http://www.redhat.com/about/news/press-archive/2014/6/red-hat-unveils-rhel-7" target="_blank">released the much anticipated version 7</a> of its Enterprise operating system product RHEL. Codenamed 'Maipo' and having gone through a Beta (11/12/2013) and Release Candidate RC (23/04/2014) stage, RHEL 7 is now generally available (GA) and is based on Fedora 19 and the upstream kernel 3.10.<br />
<br />
Following the blog tradition started with a <a href="http://epistolatory.blogspot.no/2010/12/rhel-6-part-iii-first-impressions-from.html" target="_blank">'first impression' article on RHEL 6</a> some years ago, I will do the same here and present a number of goodies that will keep the sysadmins/devops folks busy, in the process of deploying RHEL 7 in their production environments.<br />
<br />
Rather than replaying in detail the excellent info of the <a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.0_Release_Notes/index.html" target="_blank">RHEL 7 Release notes</a> as well as the nice <a href="http://rhsummit.files.wordpress.com/2014/04/ddumas_t_0120_red_hat_enterprise_linux_roadmap1.pdf" target="_blank">roadmap presentation</a> of the 2014 RedHat Summit, I will just summarize the important changes that it brings to the daily work of sysadmin/devops teams accompanied by some hands-on videos on the concepts.<br />
<br />
The very first thing you will notice is a 'Fedorazation' of the Graphical Installation environment. Those of you who are not familiar with the new graphical Anaconda environment of the latest Fedora releases will discover that the old RHEL 5/6 serialized wizard menus are gone in favour of a <b>central screen</b> where you click to set up various aspects of the installation AND then you launch the install. You can find a video below that demonstrates a basic RHEL 7 installation on a VM environment.<br />
<br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="480" src="//www.youtube.com/embed/hQ7vzcUPmRE" width="640"></iframe>
</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
Another major change you will feel from Day 1 is the obligatory<i>-ish</i> interaction with<b> systemd</b>. Faster boot times with parallel service startup and increased manageability have their price: the days of init scripts and the 'service' command are gone<i>-ish</i> for RHEL. I am using the '<i>-ish</i>' bit because although Red Hat chose to maintain the traditional concept of runlevels for backwards compatibility (read: to prevent most non-systemd-friendly sysadmins from screaming), this will certainly <b>not</b> be the case for the near future of RHEL 7 minor releases. Thus, now is a good time to start thinking in terms of units and targets, as opposed to init scripts and runlevels. Below you will find a video where I demonstrate the concept of interacting with systemd to start and stop services, or change the default runlevel, erhh, sorry, target of your system. Once you get used to 'systemctl', your new buddy, things will not look so bad/alien.<br />
<br />
</div>
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="480" src="//www.youtube.com/embed/BS8cdl7dOUI" width="640"></iframe>
</div>
<br />
You should get used to the idea of using Linux Control Groups (cgroups). The cgroup concept is not a new one; however, now is the time to get used to the new tools for administering cgroups, as the technology is one of the conceptual building blocks that RHEL 7 brings to the arena of Linux Containers (see later paragraphs). To help you, I have made a video that demonstrates how various systemd commands can be used to administer cgroups.<br />
<br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="480" src="//www.youtube.com/embed/81j1WF5xEZc" width="640"></iframe>
</div>
<br />
In the filesystem arena, the supported volume capacities have grown notably. In particular, <b>XFS</b>, which is now your default filesystem (that's right, even <b>/ </b>on an automatically partitioned install is on XFS by default), can support volumes of up to 500 TB (in RHEL 6 the limit was 100 TB). ext4 is still an option and is supported on volumes no greater than 50 TB (RHEL 6 had them limited to 16 TB per volume). My advice is to really not use ext4 again on your migrated RHEL 7 systems. As I wrote four years ago in the <a href="http://epistolatory.blogspot.no/2010/12/rhel-6-part-iii-first-impressions-from.html" target="_blank">RHEL 6 first impressions article</a>, XFS was the way to go in terms of performance and scalability. Today, XFS is mature enough to trust for production and can be tailored to medium/large size volumes. I just do not see ext4 fitting anywhere anymore.<br />
<br />
I have yet to produce some comparative performance figures of XFS running on the same hardware for RHEL 6 and 7. Stay tuned for this, as it takes time and effort to do some meaningful comparison.<br />
<br />
Staying in the filesystem arena, <b>Btrfs</b> is offered as a tech preview on RHEL 7, but I am not happy at all with its current state (<i>kernel 3.10.0-123.4.2.el7.x86_64 #1 SMP Thu Jun 5 21:43:43 EDT 2014</i>). During some iozone benchmarking, btrfs broke down and that's quite disappointing. If one considers that btrfs is really the Linux world's equivalent of ZFS from the commercial Unix arena, even a tech preview should have been more stable. Red Hat folks, I am looking forward to a more stable btrfs tech preview, please work on that task.<br />
<br />
For those of you that are development oriented, some major version components include:<br />
<br />
<ul style="text-align: left;">
<li><b>GNU bash, version 4.2.45(1)-release</b></li>
<li><b>gcc version 4.8.2 20140120 (Red Hat 4.8.2-16)</b></li>
<li><b>Perl is on version 5.16.3 built for x86_64-linux-thread-multi</b></li>
<li><b>Python is on version 2.7.5</b></li>
</ul>
<br />
This should really update some long outdated components of RHEL 6 (especially on the gcc side of things) that were seriously hindering software development without some effort to install separate libraries, compilers, etc.<br />
<br />
Finally, for the devops oriented folks, one of the greatest technologies that RHEL 7 is introducing is that of <b>containers</b>. In essence, a container is a way to package your tech apps using a lightweight environment that provides resource isolation. This can not only save a serious amount of memory and CPU cycles (in comparison to hosting apps in virtualized OSes), but it can also please your developers by introducing Docker Image based containers, a technology that allows you to speed up portable application deployment. I have made a video that demonstrates the basics of using Docker (see below) and I hope this will help you orient yourselves around the technology.<br />
<br />
<div style="text-align: center;">
<iframe allowfullscreen="" frameborder="0" height="480" src="//www.youtube.com/embed/15N6BtYXfvA" width="640"></iframe>
</div>
<br />
<br />
Whether Docker containers will eventually replace your hypervisors is hard to say. Containers do not (yet) provide features such as redundancy and live workload migration, two business-important features offered by most virtualization technologies today. Nevertheless, application serving and deployment via Docker containers is more efficient than deploying virtualized operating system images. I shall place some concrete numbers behind that claim in order to convince you to start looking at the technology.<br />
<br />
First of all, I shall explain how I obtained those figures. I performed the tests on two identical servers (Dell PE 1950s) with the same amount of RAM (16 Gigs), the same CPUs (8 cores, Intel(R) Xeon(R) CPU E5345 @ 2.33GHz) and with identical disk drives and I/O controllers. One of these servers was running a standard KVM environment on RHEL 7. The other was running a Docker container engine on RHEL 7.<br />
<br />
The next steps were to install:<br />
<ul style="text-align: left;">
<li>An Apache server on the RHEL 7 KVM hosted VM (the served VM is on Fedora 20)</li>
<li>Docker pull and run the Fedora/Apache image from the Docker repository on the second server, to approximate the same environment as the VM on the Linux container. I also had to run the container by doing a:<br />
<pre><span style="font-family: 'Courier New',Courier,monospace;"><span style="font-size: small;"><b>docker run -p 8080:80 -i -t --name=thirdcon fedora /bin/bash</b></span></span></pre>
in order to give it a port on a network (testing on the local server and bypassing the network latency would not yield a reliable measurement).</li>
</ul>
<br />
<br />
At that point, I had two web servers running, one in a VM and one in a Docker container. I configured both Apache servers to serve a simple text index.html file (no images or graphics).<br />
<br />
I then employed the <a href="http://en.wikipedia.org/wiki/ApacheBench" target="_blank">ab Apache benchmarking tool</a> from a third independent host and for each server URL, I fired a benchmarking load with different levels of concurrency like this:<br />
<br />
<div style="text-align: center;">
<b><span style="font-family: 'Courier New',Courier,monospace;">ab -c 2 -n 100000 http://serverURL/index.html</span></b></div>
<div style="text-align: center;">
<b><span style="font-family: 'Courier New',Courier,monospace;">ab -c 4 -n 100000 http://serverURL/index.html</span></b></div>
<div style="text-align: center;">
<b><span style="font-family: 'Courier New',Courier,monospace;">ab -c 8 -n 100000 http://serverURL/index.html</span></b></div>
<br />
representing different numbers of concurrent requests, up to the number of cores of the VM and the container. The results are summarized in the graphs below and they are quite revealing.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB44OjBgq1E64etCC2UWL97xrJJVsscePGvewit-Uc-7Q8g_xcLWtXy9M687MPNItxhkyVv8P5BB2tPFc8_uocvwaQAaWDfLMbT1kAA58aZad1r8iGdtNbqcIWFNnhrP42U78w5EwTYXad/s1600/dockerversusKVMAPACHE.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgB44OjBgq1E64etCC2UWL97xrJJVsscePGvewit-Uc-7Q8g_xcLWtXy9M687MPNItxhkyVv8P5BB2tPFc8_uocvwaQAaWDfLMbT1kAA58aZad1r8iGdtNbqcIWFNnhrP42U78w5EwTYXad/s1600/dockerversusKVMAPACHE.jpeg" height="640" width="547" /></a></div>
<br />
The first graph shows the maximum number of requests per second achieved at each concurrency level. Docker clearly wins over KVM with just over 8000 requests per second. You should also note that the more we increase the concurrency level, the greater the difference in the result between the two technologies.<br />
<br />
The second graph plots the time-to-completion in seconds for each benchmark. Again, Docker is faster by a margin of several seconds. That might seem small, but it really is not. A few seconds here and there, in loaded servers running larger workloads concurrently means a great deal. <br />
<br />
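The three ab runs and the two metrics plotted above can be collected with a small harness. This is an added example, not the author's own script: the function names are this example's own and the sample report values are constructed for illustration. It also rejects runs with failed or non-2xx responses, because a server that answers quickly with errors would otherwise look fast.

```shell
#!/bin/sh
# Added example: summarise ApacheBench (ab) reports per concurrency level.
# All report values produced by sample_report are constructed, not measured.

# Build a minimal ab-style report. Arguments: concurrency, seconds, failed
# requests, requests/sec and, optionally, a count of non-2xx responses.
sample_report() {
  cat <<EOF
Concurrency Level:      $1
Time taken for tests:   $2 seconds
Complete requests:      100000
Failed requests:        $3
${5:+Non-2xx responses:      $5}
Requests per second:    $4 [#/sec] (mean)
EOF
}

# Read one ab report on stdin and print one summary row:
#   concurrency requests_per_sec seconds failed non2xx
# Exits non-zero if the report is truncated (ab died or never connected).
parse_ab() {
  awk '
    /^Concurrency Level:/    { c = $3 }
    /^Time taken for tests:/ { t = $5 }
    /^Failed requests:/      { f = $3 }
    /^Non-2xx responses:/    { n = $3 }   # only printed by ab when non-zero
    /^Requests per second:/  { r = $4 }
    END {
      if (c == "" || t == "" || r == "") exit 1
      print c, r, t, f + 0, n + 0
    }'
}

# A throughput figure only counts if every request was served correctly.
valid_run() {
  set -- $1                      # split the summary row into fields
  [ "$#" -eq 5 ] && [ "$4" -eq 0 ] && [ "$5" -eq 0 ]
}

# Second field (requests per second) of a summary row.
rps() { echo "$1" | awk '{ print $2 }'; }

# speedup BASE OTHER: OTHER/BASE requests-per-second ratio, two decimals.
speedup() {
  awk -v a="$1" -v b="$2" 'BEGIN { if (a <= 0) exit 1; printf "%.2f\n", b / a }'
}

# Fire the three loads used in the article against URL, one row per level.
run_matrix() {
  for c in 2 4 8; do
    row=$(ab -c "$c" -n 100000 "$1" 2>/dev/null | parse_ab) ||
      { echo "c=$c: no usable report" >&2; continue; }
    valid_run "$row" || echo "c=$c: failed or non-2xx responses, discard" >&2
    echo "$row"
  done
}

if [ "$#" -ge 1 ]; then
  run_matrix "$1"                # e.g. sh abmatrix.sh http://serverURL/index.html
else
  # No URL given: demonstrate the parsing on two constructed reports.
  vm=$(sample_report 8 25.000 0 4000.00 | parse_ab)
  ct=$(sample_report 8 20.000 0 5000.00 | parse_ab)
  echo "vm:        $vm"
  echo "container: $ct"
  echo "container/vm ratio: $(speedup "$(rps "$vm")" "$(rps "$ct")")"
fi
```

Run it once per server URL from the independent benchmarking host and compare the rows for the same concurrency level.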
This concludes the original first impression assessment of RHEL 7. I hope this contributed towards convincing you to give it a go. <br />
<br />
That's all for now!<br />
GM</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com1tag:blogger.com,1999:blog-2248117304334958898.post-83801434146826193482013-09-22T03:36:00.001-07:002013-09-24T03:58:18.586-07:00Repetition of history, repetition of mistakes and Adamantios Korais <div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
Some argue that history repeats itself. I am one of those who believe that it is the great mistakes that repeat themselves and create the same patterns, making others think that history repeats itself. This is perhaps a weighty statement and it needs to be substantiated somehow.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7UyCo0v5CR8_k2RG-Ff6dV-wnmKyuLc8Pe8sV6TYB8DczTjmAOX9qMcKgqhDKzAsqExsSpKbx63WN3XkVT0cmWq9D05zaaVxkm6gPD2WwBPmtf5L_cMCuDpTAN_9w12gL7KzkUNEQDMbF/s1600/Pavlos_fyssas.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="206" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7UyCo0v5CR8_k2RG-Ff6dV-wnmKyuLc8Pe8sV6TYB8DczTjmAOX9qMcKgqhDKzAsqExsSpKbx63WN3XkVT0cmWq9D05zaaVxkm6gPD2WwBPmtf5L_cMCuDpTAN_9w12gL7KzkUNEQDMbF/s400/Pavlos_fyssas.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-BEeCM9wIiv_3kWlAbfKMXHLgtdBjGKa2-w4-5vu0F8Yxsg47KK0AVR7nD81TS55Uu13v3HY2XJKA2c9dL4WUcHO3iE_Zcq-LcbVLgxLXzYuHI34SquMfiWVlpJh8gwRzWnG6FT9R09ID/s1600/Alexandros_Grigoropoulos'2008.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-BEeCM9wIiv_3kWlAbfKMXHLgtdBjGKa2-w4-5vu0F8Yxsg47KK0AVR7nD81TS55Uu13v3HY2XJKA2c9dL4WUcHO3iE_Zcq-LcbVLgxLXzYuHI34SquMfiWVlpJh8gwRzWnG6FT9R09ID/s1600/Alexandros_Grigoropoulos'2008.jpeg" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuqk7ILJ8iM5pS8_21aQUl6VCmRt3bSYDUJl-TTKyfq0_HqXln3s4c5F5qlkfO_DIzMJLO6wpH5okhU8_jJIkyMSaOBFEvzXfO1FOQreDkLBcSGk8ePSy77KgvgrHmPpPHuM6oJuQVB3yC/s1600/Griglabr.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="292" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuqk7ILJ8iM5pS8_21aQUl6VCmRt3bSYDUJl-TTKyfq0_HqXln3s4c5F5qlkfO_DIzMJLO6wpH5okhU8_jJIkyMSaOBFEvzXfO1FOQreDkLBcSGk8ePSy77KgvgrHmPpPHuM6oJuQVB3yC/s400/Griglabr.jpg" width="400" /></a></div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
On 18 September 2013, <a href="http://news.in.gr/greece/article/?aid=1231265706" target="_blank">the murder of </a><a href="http://news.in.gr/greece/article/?aid=1231265706" target="_blank">Petros Fyssas </a>brought to mind the events of 1963. Beyond A. Grigoropoulos (06/12/2008) and the 4 dead of Marfin (05/05/2010), 50 years earlier <a href="http://el.wikipedia.org/wiki/%CE%93%CF%81%CE%B7%CE%B3%CF%8C%CF%81%CE%B7%CF%82_%CE%9B%CE%B1%CE%BC%CF%80%CF%81%CE%AC%CE%BA%CE%B7%CF%82" target="_blank">Grigoris Lambrakis</a> breathed his last after a murderous attack by parastate organizations, which led to the fall of the government of K. Karamanlis. It is not only the tragic similarity of the motive and of the manner in which these two people were murdered. Equally noteworthy is the similarity between the circumstances Greece lived through five decades ago and those unfolding today. The country's economic weakness and the failure of past and present governments to distribute an income to the people ignited the extremes, with disastrous consequences for many generations of people and for Greece itself. The colonels' junta is of course not exactly the same as the despicable neo-Nazi character of the Golden Dawn formation. Nor is it the same as the far-left/anti-authoritarian camp that burned people alive (Marfin 5/5/2010) and destroys property undisturbed. Democracy was restored, and the imprisoned investigating magistrate of the Lambrakis case, Christos Sartzetakis, became its President in 1985. The basic and tragic mistakes, however, remained, and I will explain what these mistakes are in the following paragraphs. The justice system convicted Marfin executives for a lack of fire-safety regulations, but did nothing about those who set the fire and killed working people. Fascism has no colour, party or nationality. 
It has only a manner, and it is clearly the manner that makes the fascist: violence and thuggery, whether he belongs to the far right or to the other end of the spectrum. </div>
<div style="text-align: justify;">
<br />
<br />
<center>
<iframe frameborder="0" height="270" src="http://www.dailymotion.com/embed/video/xkfqf1" width="480"></iframe><br /><a href="http://www.dailymotion.com/video/xkfqf1_%CF%80%CF%81%CF%89%CF%84%CE%B1%CE%B3%CF%89%CE%BD%CE%B9%CF%83%CF%84%CE%AD%CF%82-%CE%BD%CE%B5%CE%BA%CF%81%CE%BF%CE%AF-marfin_people" target="_blank">Protagonistes ~ The Marfin dead</a> <i>by <a href="http://www.dailymotion.com/KRASODAD" target="_blank">KRASODAD</a></i> </center>
</div>
<div style="text-align: justify;">
<br />
Umberto Eco wrote <a href="http://en.wikipedia.org/wiki/The_Mysterious_Flame_of_Queen_Loana" target="_blank">"The Mysterious Flame of Queen Loana"</a>. Beyond its captivating account of how human memory works in practice, describing the adventure of a 60-year-old who suffers from post-traumatic amnesia and tries to rediscover his identity, the author presents, among other things, very vivid images of fascist Italy before and during World War II. In Greece, Sofia Vembo was singing "Koroido Mussolini" ("Mussolini the fool"). On the other side of the coin, however, Ioannis Metaxas said the historic "No" while adopting part of these fascist ideologies, in order to impose himself in a polarized and highly unstable environment. I do not dwell on the Hitler-style salute of the members of <a href="http://el.wikipedia.org/wiki/%CE%95%CE%B8%CE%BD%CE%B9%CE%BA%CE%AE_%CE%9F%CF%81%CE%B3%CE%AC%CE%BD%CF%89%CF%83%CE%B7_%CE%9D%CE%B5%CE%BF%CE%BB%CE%B1%CE%AF%CE%B1%CF%82" target="_blank">EON</a>. I dwell on another, much worse element: division and polarization, that persistently timeless mistake.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Division (almost) a hundred years ago between royalists and Venizelists. Division after the end of World War II between Left and Right. Division in 1960 between the palace and the government of G. Papandreou, which turns into chaos with the junta (as if the junta would have come had there been harmonious cooperation among the politicians of the time, but nobody examined these things at school when I was a pupil. They told us about the Polytechnic, about Cyprus, about the colonels and about the "Old Man of Democracy", but not about his mistakes, which acted as a catalyst in creating the vicious circle). Division in the post-junta era (Metapolitefsi) as well, with the blues, the greens, the reds and their other shades. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
But let us suppose that I am wrong, and that division is not the cause of history repeating itself in Greece. By pure chance, after the tragic event, I found myself in a bookshop. On the shelf in front of me were copies of a wonderful edition of "<a href="http://www.biblionet.gr/book/156543/%CE%9A%CE%BF%CF%81%CE%B1%CE%AE%CF%82,_%CE%91%CE%B4%CE%B1%CE%BC%CE%AC%CE%BD%CF%84%CE%B9%CE%BF%CF%82,_1748-1833/%CE%95%CF%80%CE%B9%CF%83%CF%84%CE%BF%CE%BB%CE%AD%CF%82_%CF%80%CF%81%CE%BF%CF%82_%CF%84%CE%BF_%CE%AD%CE%B8%CE%BD%CE%BF%CF%82" target="_blank">Letters to the Nation</a>" by <a href="http://el.wikipedia.org/wiki/%CE%91%CE%B4%CE%B1%CE%BC%CE%AC%CE%BD%CF%84%CE%B9%CE%BF%CF%82_%CE%9A%CE%BF%CF%81%CE%B1%CE%AE%CF%82" target="_blank">Adamantios Korais</a>. The 117 pages of his letters should be compulsory reading for every modern Greek with a political (not party) conscience. I had the chance to read it all on a 4-hour flight. I felt a shiver, not because I was reading the wise words of one of the greatest figures of the modern Greek Enlightenment, but because of how topical his observations remain even today, a sign of the repetition of tragic errors.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
So Adamantios Korais writes, among other things, addressing "the Notables of Greece" in a letter of his entitled "Liberation from the tyrannical passions as well", dated 10.1.1822:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
"<i>The Greeks suffered, because of their discords, the most wretched of all political changes, the loss of their ancestral autonomy and equality before the law, and were bound to the yoke of the Romans, which was later to bring the very heavy yoke of the Graeco-Roman emperors, and lastly the unbearable yoke of the Turks, which you have today shaken off. And of this miserable change the Corinthians above all tasted the bitterest evils...The new Corinthians who were saved, however, forgetting that through the discords, dissensions and quarrels of their parents they had been made slaves of the Romans instead of free men, renewed the same discords and kept them unto the third and fourth generation, until, almost two hundred years after their political destruction, the apostle Paul preached to them another saving change, a religious one, which casts out all injustice and rests, like every lawful worldly polity, on equality before the law...So ruinous a disease as discord did not afflict the Corinthians alone, but was unhappily a disease common to the whole Greek nation, all the more paradoxical as the Greeks were the inventors and prime movers of all the goods of civilization...Why, then, did these admirable ancestors of ours not benefit from the many goods of which they became teachers to others?...Because they never understood what true freedom consists in and how it is preserved. All burned with love of freedom, but every city wanted to dominate the others, and every citizen strove to master his fellow citizens. This accursed lust for power gave birth to discord, roused the cities and the citizens against one another, and lit the blaze of the civil wars...Have pity, dear brothers, on your descendants; do not leave them so ruinous an inheritance, but hand down to them the freedom won with your blood, pure of all greed and inequality!</i>"</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In other letters Adamantios Korais goes on to stress that the extremes are never a solution, even when people of the extremes are in power. He speaks of one concept of freedom, the one that rests on justice and equality before the law. He writes in his letter "To a young politician, N. Pikkolos", dated 5.6.1822: "<i>Our nature, friend, we are not masters to change. It is in our power, however, once we have recognised our nature's inclination toward the one extreme or the other, to draw it back toward the middle, where alone virtue is found...To all of these, Korais, you owe it to appear as one man only, a friend of one freedom only, the one founded on equality. In a word, with one single voice, you owe it to teach both rulers and ruled one single lesson: submission to the same laws. What have you to fear? The judgment of others about you? If they are good citizens, they will not be slow to think as you do and to agree with you. If they are of the race of the Tartuffes, judge them yourself too, as the Emperor who was a friend of good laws judged them. "When another blames or hates you, go to their little souls, pass inside and see what sort of people they are. You will see that you need not torment yourself over what they may think of you." The most fearsome of these are the office-seekers and wealth-seekers, whom it is forgivable for you to fear lest they do you harm. But this fear you should have conceived before you stripped for the contest. Since you dared to leap of your own will into the wrestling ground of freedom, you must wrestle as a lion and not as a fox; fight, then, armed not with the so-called politic craft, but with the political science that is inseparable from ethics.</i>"<br />
</div>
<div style="text-align: justify;">
The timelessness of these texts therefore proves that it is the mistakes that repeat themselves, because when in a society there is no equality before the law and there is discord, it is only logical that the extremes grow stronger. So let us see whether the Prime Minister will fight thug-fascism like a lion or like a fox. If he does not stand like a lion against the formation of fascism, he will be the second Amherst graduate to go home. I hope there will not be a third.<br />
<br /></div>
<br /></div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-26677389492604068172013-08-12T03:32:00.000-07:002013-09-07T01:36:33.124-07:00The surveillance mass hysteria, the right to privacy and professionalism <div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
I had the intention to make a commentary about the Snowden case and the mass anti-surveillance hysteria it provoked. I will defend the use of the term 'hysteria' in later paragraphs. But then I realized that the consequences of Edward Snowden's case were far greater than I previously thought. This is not in terms of the diplomatic and geopolitical consequences of his whistle-blowing acts. Government surveillance has sustained the Assange/Wikileaks blow and it will continue to do so (thankfully, because I do not agree with the acts of Snowden and Assange, but keep reading, I assure you I do not do Government propaganda here). In contrast, the thing I feared the most was that this Snowden-induced hysteria would eventually turn against hard-working US businesses in the area of privacy protection. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Unfortunately, I was proven right. A few hours before I started composing these lines, I read sad news that announced <a href="http://yro.slashdot.org/story/13/08/08/1956215/encrypted-email-provider-lavabit-shuts-down-blames-us-govt" target="_blank">the closure of Lavabit</a>, one of the most reliable encrypted email providers. It turns out that Snowden had used Lavabit's service and this created some sort of friction, pressure and eventually service collapse of the provider. In an attempt to gauge public opinion, I opened my Twitter account. One of the comments from an individual was "I will never entrust any of my data to a US business!". Of course, surveillance is not only a US phenomenon. In Europe, Asia, Australia, the Middle East, the games of cat and mouse between those who want to safeguard their privacy and those who want to break it are on. So, is it safe to assume that a business is the worst possible place to entrust your digital assets? I am raising this question, because Lavabit is not the only company that is in this sort of business.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Now that I raised the question, I want to step back a bit. I want you to picture Edward Snowden, an IT person that ended up somehow working for the tech/contractor sector that surrounds the NSA. Did you really think that when he joined the ranks, he had no idea of what was going on in there? Do you really need a "hero" like Snowden to tell you that Governments have surveillance capability? Really? </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I started working on the Internet in 1998, and I worked on core TCP/IP protocols and Ethernet device drivers, which are what drive most corporate networks today. Today, I am tasked with securing some digital assets for various scientific communities, and I want to believe that I have a healthy dose of paranoia in relation to whether my infrastructure is secure or not.<br />
<br />
The assumption that the guy who sits at NSA/GCHQ has the will to listen to your personal communications one morning, and can do so under all conditions, is wrong and unhealthy. If you are an intelligence analyst, you are looking for needles in a haystack and you have specific problems to solve. Yes, there is data mining. Yes, there are ways to tap into your personal communications. Yes, you could be a bystander and accidentally tapped into in an attempt to locate someone, but this is less probable than you being the victim of a phishing/zero-day exploit of some bandit that wants your machine for a botnet, or is after your bank account, etc.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Yes, we all have the right to privacy and trusting a communication system to deliver a message from person A to person B is important. Read <a href="http://simonsingh.net/" target="_blank">Simon Singh's </a> <a href="http://simonsingh.net/books/the-code-book/the-book/" target="_blank">"The Code Book"</a> and you will see that most European Governments were operating surveillance rooms from the very early history of human communication. He writes about the so-called "black rooms", mentioning some of the earlier examples of such a service: the <a href="http://books.google.no/books?id=ISXaUUPqpscC&pg=PA168&lpg=PA168&dq=geheime+kabinettskanzlei&source=bl&ots=MozkxK0AIb&sig=J9zinAtK007eK0C5vMYpAtqhr40&hl=en&sa=X&ei=ZxAGUoKDGeiK4gT1-ICQBg&ved=0CG8Q6AEwCA#v=onepage&q=geheime%20kabinettskanzlei&f=false" target="_blank">Geheime Kabinetskanzlei</a>, the secret Austrian Service, operated such a room in Vienna in the 18th century. The personnel would open certain letters of interest with care, leaving very few traces on the opened envelope, they would make an exact and even translated/decoded copy of the letter, they would reseal the envelope and let the letter reach its final destination. This is one of the earliest forms of industrial-grade Government surveillance and a very good analogue of what is happening in our age.<br />
<br />
Am I trying to increase your paranoia? On the contrary. Do you really think that a black room had the capacity to open/decode/translate all letters? The obvious answer is no. Cryptographers and skilled envelope openers/resealers were finite and there was a very careful targeting/sampling of senders and recipients. Is the whole process easier in the 21st century? Well, yes and no. It is an interesting question.<br />
<br />
The era of computers, the falling CPU/GPU/MIC hardware costs, the increased connectivity of social media and the mobile wireless technologies, the plethora of <a href="http://en.wikipedia.org/wiki/Web_scraping" target="_blank">web scraping techniques</a> and <a href="http://en.wikipedia.org/wiki/Deep_packet_inspection" target="_blank">Deep Packet Inspection (DPI)</a> software solutions have made it easier to perform surveillance on a grander scale than in the era of the good old post office. However, we are far from the era of pressing a few buttons, having an email address and knowing everything about the life of every individual, as Snowden claims.<br />
<br />
One of the greatest problems for the era of modern surveillance is "noise". In the context of surveillance data mining, "noise" is a collective term for a range of factors that prevent a mining algorithm from achieving its target (to get its info or estimate whether something is true or false: for example, whether a particular individual is related to a group of people or not). These factors include:<br />
<ul>
<li>a) Fuzzy or an incredibly large amount of info to mine, well beyond the capabilities of the data mining algorithm</li>
<li>b) Inability of the mining/surveillance techniques to keep up with the amounts of information transmitted over a digital network.</li>
<li>c) Susceptibility of the mining algorithm to false negatives/positives due to design inadequacies.</li>
</ul>
With respect to factor a) above, the Internet might be a great repository of information for data mining, however it is also "polluted" with redundant, false and distributed/incomplete information. The term <a href="http://en.wikipedia.org/wiki/Information_overload" target="_blank">information overload</a> or <a href="http://en.wikipedia.org/wiki/Information_pollution" target="_blank">information pollution</a> should not only refer to the cognitive abilities of an individual to absorb, comprehend and act on the amount of information mined from the web. It also has a negative effect on surveillance data mining algorithms.<br />
<br />
Lots of information means an ever increasing rate of information transfer (b). Modern data networking speeds increase all the time, especially on large data backbones where we have speeds of even 100 Gigabits/sec at the time of writing. If one combines this fact with the use of encryption, <a href="http://www.deepdyve.com/lp/elsevier/managed-security-monitoring-network-security-for-the-21st-century-7eeKIEUESY" target="_blank">as Bruce Schneier points out in this paper/article</a>, it becomes evident that DPI techniques are falling behind. You will be surprised how difficult it is to silently decrypt the traffic of an SSH tunnel with moderately adequate encryption. You can set up something like this between two cloud hosts, even amongst different cloud providers, and protect your voice, ephemeral chat communication and everything else that is important to you. No man in the middle will have an easy way into what your network packets really contain. These techniques have actually been employed successfully by knowledgeable individuals to bypass Government censorship and surveillance firewalls. Egypt, Iran and China are some notable examples.<br />
<br />
For factor c), I am sure you must have seen a false negative or false positive from your anti-virus software. If not, you are an extremely lucky person. Are you a sysadmin of an IDS/IPS/firewall system? You must also be very lucky if you never dealt with a signature/rule that let bad traffic in or kept good/legitimate traffic out. It works the same way with surveillance mining algorithms. They are not perfect and they suffer from the same problems: wrong things are flagged up as dangerous and many dangerous things are not flagged at all. <a href="http://nz.linkedin.com/pub/gehan-gunasekara/a/ab8/884/" target="_blank">Associate Professor Gehan Gunasekara</a> suggested that the public should try and test this susceptibility of the surveillance mining algorithms by <a href="http://www.nzherald.co.nz/opinion/news/article.cfm?c_id=466&objectid=10908579" target="_blank">polluting their Bayesian analysis modules and causing them to be flooded with false negatives</a>. I do not suggest that you do that, but I mention this as proof that the susceptibility is there and that, with or without disobedience, the problem exists.<br />
<br />
Hopefully, you are convinced now that the claim of the "hero" Snowden is not exactly accurate and that if you take reasonable precautions and trust high stakes information to professionals, you can have a company protecting your digital assets. Not everything is point and click for a Government surveillance analyst and unless you do something really sinister, you can go and do your daily business without feeling threatened or being hysterical.<br />
<br />
I would like to close with a statement which is even more serious than the previous ones. The closure of Lavabit is wrong. Innovative businesses that protect the privacy of individuals who have a non-threatening interest in protecting their private/business information are a core value of the information society. The US administration needs to understand that if they kill the trust of the public in privacy protecting businesses, they are going to strike a big blow at the heart of their digital economy. Whatever the issue was with Lavabit, it can be solved by:<br />
<br />
i) strengthening the admission requirements to such services and<br />
ii) dealing more effectively within their own infrastructures with the problem of rogue insiders. Technologies to aid that process do exist!<br />
<br />
After all, a stark contrast between Ladar Levison and Edward Snowden is that the first complied with the law and offered a service to the people. Edward Snowden also offered a service to the people, but that is not his whistleblowing act. That was his personal choice. That's exactly why the first one is a professional and the second is a rogue insider. That is also why I would entrust my email data to Lavabit.</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-3782463503477130282013-06-15T04:40:00.000-07:002013-06-15T04:40:37.484-07:00What Manos Hatzidakis would say (said) about the closure of ERT<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<br />
<iframe frameborder="0" height="340" scrolling="no" src="http://livemanager.eurovision.edgesuite.net/ert/index.html?tag=aHR0cDovL2xpdmVtYW5hZ2VyLmV1cm92aXNpb24uZWRnZXN1aXRlLm5ldC9lYnUveG1sL2VydC54bWw7MTE2NzE%3D" width="480"></iframe>
</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Today marks 19 years since the death of Manos Hatzidakis, and the Third Programme does not exist. To be fair and give "the crooked one his due" (apologies for my causticity, you know whom I mean, but I mean it metaphorically), Manos's bones would be rattling at what he saw going on inside ERT. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
He himself had said as much ten years before his death, in 1984. I had summarized those views <a href="http://epistolatory.blogspot.no/2010_07_01_archive.html" target="_blank">here in an article of mine</a> for the 36th anniversary of the restoration of Democracy. Refer back to them and you will see a Manos who is disappointed but far-sighted, cynical but realistic.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Amid the commotion, the emotion and the spontaneous public support for ERT over its undemocratic closure (in no civilized country has there ever been a decision to shut down the public broadcaster in less than 24 hours, without the matter even being debated publicly by its politicians), someone has to set against this the fact that ERT was not operating as it should. It may not have been loss-making, but the appointment of "our own people", the overpricing of productions at the expense of the Greek taxpayer and the rampant party-political trade unionism (especially in the journalistic sector) were a fact, and just as undemocratic as its closure.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However, Manos's bones would also be rattling at the rampant fascism, at the way Prime Minister Antonis Samaras chose to close/reorganize/re-establish (call it what you will) ERT. The dispatch of riot police (MAT) to transmitters to cut the signal, the manhandling of citizens and journalists to get them out of ERT's buildings and facilities, and the absence of any consultation on the matter in the Hellenic Parliament form a logical triad of arguments that justifies the label "rampant fascism". Even if this fascism is not, at this moment, being set against the equally rampant, counterproductive and undemocratic way in which ERT's party-affiliated unions operated.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There is, however, something else to hold against the Prime Minister, which causes sadness and is resounding proof of his failure to control a situation like ERT, because there are many ERTs in the public sector in Greece. It is the face of totalitarianism, of social stigma, of the logic that the green wood must burn along with the dry. Is everyone at ERT a freeloader? Did ERT not display, even if only through the fruit of a fraction of its employees, a culture, an archive that is a legacy for the country? I, to this day, have NOT heard better radio than the Third. </div>
<div style="text-align: center;">
<br /><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/oMpx9jzNt_U" width="420"></iframe>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Avoiding such totalitarianism is part of the heart of a democratic system of government. It is what rewards conscientious professionals and brings down the unscrupulous, genuine freeloaders who have no place in public office. Proof of the former is what we have seen and are still seeing while ERT is closed: the musicians of the ensembles playing in tears, and ERT's engineers and technicians struggling, on 1000 Euros a month and with family obligations behind them, to carry on ERT's work.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To repeat a few words from Manos in closing: </div>
<div style="text-align: justify;">
- On public administration he said: "Our illness is chronic and it will be with us for years. I do not know what it is that will change things and move them forward."</div>
<div style="text-align: justify;">
- On Greece he said: "<i>European unity, what do you think it is? We will become a province in which Europe governs us. And we will have the illusion that we are co-governing in Europe. Well, is that not slavery?"..."</i><i>Is there any guarantee of proper development in this place? Never!...As for Turkish rule, then, it will certainly be a form of our European term of service, one which of course we will never be able to shake off or be freed from, because it will be our choice, because under Turkish rule it was our subjugation. That is the difference!"</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
How right this man was, 29 years before today! Full stop.</div>
</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-9855172826167478352013-06-09T11:28:00.003-07:002013-06-09T12:19:12.633-07:00Security of Linux systems and privacy today <div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
In this article, I am not arguing about whether Linux (or Android, iOS or any other operating system) is the most suitable platform to entrust with your data and personal communications today. Look for such dogmatic views elsewhere. I like, use and develop Linux systems, but I have been in business long enough to realize that security (and privacy as part of it) is a far more complex business than carefully choosing your OS platform. Instead, I shall attempt to walk through some real world examples of certain sysadmin practices and security assumptions that have failed the Linux platform. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
During the first week of June 2013 we found out that <a href="http://www.hetzner.de/en/" target="_blank">Hetzner</a>, one of the largest web hosting providers in Europe, had <a href="http://www.h-online.com/security/news/item/Hetzner-web-hosting-service-hacked-customer-data-copied-1884574.html" target="_blank">its server security compromised</a>. As a result, server password hashes and other sensitive data went into the hands of third party individuals, who obviously designed the malware vector and struck gold. The extent of the information breach at Hetzner is still unknown as I write this. Obviously, being compromised is not good, but not knowing the extent of the compromise is worse. While I do not have data for other ISPs and web hosting providers, I strongly suspect that there will be other companies in the same line of business that were affected by this attack. The use of the Plesk panel and PHP/Apache/SSH stacks is widespread.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The attack vector that affected the Hetzner folks targeted Apache and OpenSSH servers and, <a href="http://www.webhostingtalk.com/showthread.php?t=1273461" target="_blank">quoting Martin Hetzner</a>, '<i>the "backdoor" exclusively infects the RAM...the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected. The standard techniques used for analysis such as the examination of checksum or tools such as "rkhunter" are therefore not able to track down the malicious code</i>'. If this proves to be true (they have yet to conclude their investigation at the time of writing), the real eye opener here is not that Hetzner got hacked. The real eye opener is that we <b>have an effective RAM based Linux rootkit that affects essential services</b> (such as http, https and ssh). </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Six months ago, Steelcyber Scientific, a company that I consult for, <a href="http://www.steelcyber.com/?q=node/17" target="_blank">was one of the first to detect and mitigate another Apache based exploit</a> that installed rogue SSH servers and fished for customer usernames and passwords. Although admittedly less sophisticated, the older exploit was still successful in targeting the same services (sshd and httpd). I made various statements then to customers and IT journalists that people need to start taking Linux server security seriously. <b>The success of Linux in the server and web hosting business has been providing an ideal target for malware writers for a number of years now, contrary to the popular (?) belief that exploits are mainly written for Windows (Android and iOS/OSX systems recently)</b>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I am sure that this trend is going to continue, so I should now explain what I mean by taking Linux security seriously.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>One of the most frequently encountered pitfalls that make Linux systems vulnerable to various types of attacks is that most sysadmins still turn <a href="http://en.wikipedia.org/wiki/Security-Enhanced_Linux" target="_blank">SELinux</a> off</b>. Yes, even experienced ones, that do keep their software updated. Yes, even after 10 years since its introduction to the mainstream Linux kernels. Many hosting providers allow customers to do that. Many of the attacks (and certainly the two previously described ones) could have been repelled if proper SELinux policies were in place. An SSH rogue server could not run in /tmp if SELinux is on. An i-frame injection could compromise Apache but could not install/execute files in any system directory. Yes, it is annoying to install/troubleshoot new or upgraded software with SELinux. The Permissive SELinux mode is your friend to find and correct those issues keeping things contained. When you are done, make sure that the Enforcing mode is back on. Don't just turn it off and rely on traditional Unix and filesystem ACLs to contain things. This does not work.</div>
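<div style="text-align: justify;">
The Permissive-mode workflow above depends on reading the AVC denials before deciding what to allow. The Python below is an added example, not code from this article or from any SELinux tool: it parses constructed audit.log records, counts the denials, and separates the ones a front-end domain should never need. The sample records, the function names and the small rule set are assumptions made for the illustration.</div>

```python
"""Triage SELinux AVC denials gathered while a host runs in Permissive mode."""
import re
from collections import Counter

# Constructed audit.log records in the kernel's AVC format (not from a real host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1370771000.101:811): avc:  denied  { name_connect } for  pid=4102 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1370771003.557:812): avc:  denied  { name_connect } for  pid=4102 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1370771041.004:816): avc:  denied  { execute execute_no_trans } for  pid=4130 comm="sh" path="/tmp/sshd" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_tmp_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1370771041.004:816): arch=c000003e syscall=59 success=yes exit=0 comm="sh" exe="/bin/sh"
type=AVC msg=audit(1370771042.310:817): avc:  denied  { name_bind } for  pid=4131 comm="sshd" src=2222 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket permissive=1
"""

KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

# Assumption for this example: the Internet-facing services named in the article.
FRONT_END_DOMAINS = {"httpd_t", "sshd_t"}
EXEC_PERMS = {"execute", "execute_no_trans"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":", 3)  # the MLS level may contain further colons
    return parts[2] if len(parts) >= 3 else ""


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for any other record."""
    denied = DENIED.search(line)
    if not line.startswith("type=AVC") or denied is None:
        return None
    fields = {key: value.strip('"') for key, value in KEY_VALUE.findall(line)}
    return {
        "perms": set(denied.group(1).split()),
        "comm": fields.get("comm"),
        "path": fields.get("path") or fields.get("name"),
        "source": selinux_type(fields.get("scontext", "")),
        "target": selinux_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
        # "1" = logged only (Permissive), "0" = blocked; older kernels omit the field.
        "permissive": fields.get("permissive"),
    }


def load_denials(text):
    """Parse every AVC denial in a chunk of audit.log text."""
    parsed = (parse_avc(line) for line in text.splitlines())
    return [record for record in parsed if record is not None]


def summarise(records):
    """Count denials per (source type, permission, target type, object class)."""
    counts = Counter()
    for rec in records:
        for perm in sorted(rec["perms"]):
            counts[(rec["source"], perm, rec["target"], rec["tclass"])] += 1
    return counts


def needs_investigation(rec):
    """True when a front-end domain runs code from a tmp type or opens a listener.

    These denials should be explained before any allow rule is written; the
    rule set is deliberately small and is an assumption of this example.
    """
    if rec["source"] not in FRONT_END_DOMAINS:
        return False
    runs_from_tmp = (rec["tclass"] == "file"
                     and bool(rec["perms"] & EXEC_PERMS)
                     and rec["target"].endswith("tmp_t"))
    opens_listener = rec["tclass"] == "tcp_socket" and "name_bind" in rec["perms"]
    return runs_from_tmp or opens_listener


if __name__ == "__main__":
    denials = load_denials(SAMPLE_AUDIT_LOG)
    for key, count in sorted(summarise(denials).items()):
        print(count, *key)
    for rec in denials:
        if needs_investigation(rec):
            print("INVESTIGATE:", rec["comm"], sorted(rec["perms"]), rec["path"] or "")
```

<div style="text-align: justify;">
The repeated name_connect denial is the kind of entry a policy adjustment resolves after a software change; the two flagged entries are the ones to explain before Enforcing mode goes back on.</div>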
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I am not sure what your view is about logging/auditing systems in Unix and Linux, but I consider that <b>the current utilities are not suitable for providing accountability </b>for which process/user account does what in the system. In addition, <b>today's common log/audit utilities do not allow sysadmins, devops and security experts to construct a forensic post-intrusion/breach picture, so that the extent of information leaks/intrusion is better understood and contained fast</b>. I argue in favour of a better logging/auditing approach in <a href="http://folk.uio.no/georgios/papers/LUARM-WDFIAfinal.pdf" target="_blank">this science paper</a>. The end product, <a href="http://sourceforge.net/projects/luarm/" target="_blank">LUARM</a>, is a different philosophy of what to log and how you can search it. We have employed LUARM successfully in monitoring and forensically examining a number of systems, and frankly, we have had great success in realizing fast what happened. If you compare that to traditional syslog approaches, well, good luck, you will have a lot more to examine and filter manually and one day you might find out what actually happened in your systems.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The final point I am trying to raise relates to authentication. Most production Linux systems today employ some sort of <a href="http://en.wikipedia.org/wiki/Pluggable_authentication_module" target="_blank">PAM</a>-compliant approach to authenticate users. This is likely not a Single Sign On (SSO) solution. It is also likely that it only uses a username and password combination or a (D)/(R)SA key tied to a client machine. Whether you have a local/LDAP/(NIS, NIS+ if you are a real oldie)/AD backend implementation is not relevant. The relevant bit concerns two facts:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
i) The use of only a username and password or username/client/cryptographic key</div>
<div style="text-align: justify;">
ii) The widespread exposure of the front end daemon (Apache, SSH) on the Internet</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
(Please understand that I am referring to what is common practice, if you are a cautious sysadmin of a large installation, you probably do things differently.) </div>
<div style="text-align: justify;">
A person once told me: "I use a secure login because I always SSH to the system". I replied rather cynically to that statement. The same person (OK, you know who you are :-) ) uses Skype for communicating with his family because the encryption is adequate. On the other hand, the same person is absolutely disgusted that <a href="http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order" target="_blank">Verizon turned his/her phone records over to the NSA</a>. So, I cannot stop being cynical here.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I am not going to go through the theory of why a cryptographically enabled endpoint pair is more secure than a plain text endpoint pair, yet still is not secure. Encryption aids security. It is not by itself security and if people do not get that point, they should look at what happened to Hetzner (and other providers that entrusted their security solely to an SSH frontend). The point here is that an entire industry lays all its eggs in one basket and/or applies the rule 'one size fits all' when it comes to matching the sensitivity of data, the exposure of the authentication front-end and the criteria of authentication. If you go to a shared hosting/cloud provider today, the main question is not what data you are going to store there, but what size of CPU/RAM and storage you need. The end result of this is that on cloud provider hard drives today, you can find anything: from personal information (pictures, videos) and valuable Intellectual Property to - I suspect - nuclear missile location details. Yet, nobody has checked the strength of the authentication procedure. You want two factor authentication? Good, build it yourself.</div>
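<div style="text-align: justify;">
The authentication point above can be checked mechanically on the SSH side. The Python below is an added example, not code from this article or from OpenSSH: it reads an sshd_config and reports whether a single credential is enough to open a session. Both sample configurations are constructed, the function names are hypothetical, and the PAM-driven second step is assumed to be whatever OTP or token module the site deploys.</div>

```python
"""Check whether an sshd_config lets one credential alone open a session."""

# Constructed configurations for the demonstration (not from any real host).
SINGLE_FACTOR = """\
# either a password or a key is enough
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

TWO_STEP = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
# every login needs a key AND a PAM-driven step (for example an OTP module)
AuthenticationMethods publickey,keyboard-interactive:pam
Match Address 10.20.0.0/16
    AuthenticationMethods publickey
"""


def parse_global(text):
    """Return (global options, Match conditions).

    Keywords are case-insensitive and sshd uses the first value it obtains,
    so later duplicates are ignored. Everything after the first Match line is
    conditional and is reported separately rather than merged.
    """
    options, matches, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) == 2 else ""
        if keyword == "match":
            in_match = True
            matches.append(value)
        elif not in_match:
            options.setdefault(keyword, value)
    return options, matches


def min_methods(options):
    """Fewest distinct method kinds that complete a login.

    AuthenticationMethods takes space-separated alternatives, each a
    comma-separated list in which every method must succeed; without it (or
    with "any") a single enabled method is enough.
    """
    spec = options.get("authenticationmethods", "any")
    if spec.lower() == "any":
        return 1
    return min(len({m.split(":")[0] for m in alt.split(",")}) for alt in spec.split())


def audit(text):
    """Return a list of findings for the global section of an sshd_config."""
    options, matches = parse_global(text)
    findings = []
    if min_methods(options) < 2:
        findings.append("one authentication method alone opens a session")
    if options.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("password authentication is enabled")
    if options.get("permitrootlogin", "").lower() == "yes":
        findings.append("root may log in directly")
    for condition in matches:
        findings.append("Match " + condition + " can override the global policy")
    return findings


if __name__ == "__main__":
    for name, config in (("single factor", SINGLE_FACTOR), ("two step", TWO_STEP)):
        print(name)
        for finding in audit(config) or ["no findings in the global section"]:
            print("  -", finding)
```

<div style="text-align: justify;">
The Match finding in the second configuration is the caveat: a conditional block can quietly relax the global two-step requirement, so it has to be reviewed on its own.</div>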
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>To sum up, proper containment policies, forensically enabled auditing and monitoring, as well as an authentication scheme that is suitable to the sensitivity of the data/services deployed in Linux infrastructures are missing today. If these issues are not addressed, perfectly adequate penguins can leak your information to skilled individuals. Make sure you address these issues with your IT team(s). Stay safe!</b></div>
<div style="text-align: justify;">
<br /></div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com1tag:blogger.com,1999:blog-2248117304334958898.post-22389905140114286762012-12-25T10:23:00.002-08:002012-12-26T03:15:51.619-08:00KVM hosted virtual servers using bridging: theory and practice<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<div>
<div style="text-align: justify;">
If you are a systems or network administrator who:</div>
<ul style="text-align: left;">
<li>works in enterprise data centers, or </li>
<li>wants to deploy virtual servers on a newly acquired multi-core server using RHEL 6 and nothing more than the Linux <a href="http://www.linux-kvm.org/page/Main_Page" target="_blank">KVM</a> and RedHat's basic virt-manager application, and/or </li>
<li>wishes to gain an understanding of KVM's virtual networking architecture</li>
</ul>
<div style="text-align: justify;">
then this article/technical walkthrough is for you. Most of these techniques will work on other Linux distributions besides RHEL 6. Admittedly, there are more user friendly, free and commercial tools that allow you to deploy virtual machines. The usual suspects include <a href="http://www.vmware.com/products/vsphere/esxi-and-esx/index.html" target="_blank">VMware</a>, <a href="http://www.redhat.com/products/virtualization/server/" target="_blank">RedHat</a>, <a href="https://www.virtualbox.org/" target="_blank">Oracle</a>, <a href="http://www.parallels.com/eu/products/server/baremetal/sp/" target="_blank">Parallels</a> that provide industrial strength solutions with intuitive point-and-click interfaces that make the setup of virtual machines an easy task.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However, I like to keep my production server software stack as simple as possible. Those of you that had to troubleshoot VM performance or other problems and faced the 'ping-pong' between the virtualization and the OS vendors will know what I mean. Thus, I use KVM/qemu and virt-manager to cater for my VM needs. The downside is that these tools are less intuitive to use for the newcomer, but with a little bit of good documentation and practice, they can be effective. I draw this conclusion after looking around in various technical support threads and after browsing <a href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/index.html" target="_blank">RedHat's documentation on the subject</a>. The threads seem to confuse the various virtual switching modes and techniques when things could be done more easily with interface bridging. The same can be said for RedHat's Virtualization Administration Guide, which does a fairly good job detailing the Routed, NAT and isolated virtual networking modes (<a href="https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/chap-Virtualization_Administration_Guide-Virtual_Networking.html" target="_blank">Chapter 18</a>); however, it fails to mention how bridging could be used for hosting virtual servers. I am going to spend the rest of the article explaining this in detail.</div>
<div style="text-align: justify;">
<br />
<h3 style="text-align: center;">
The Theory</h3>
</div>
<div style="text-align: justify;">
Let's be more specific now and explain what I mean when I say I need to deploy a fully networked virtual server. When you use the virt-manager application, it's easy to deploy a network enabled guest OS by means of using <a href="http://en.wikipedia.org/wiki/Network_address_translation" target="_blank">Network Address Translation (NAT)</a>. In fact, NAT (IP Masquerading, a specific mode of NAT) is the default guest OS virtual networking mode, using the IP address of the physical host server. </div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3khjAU7pMY1aJmmW6rp_sLoZRpGpJHCz-NM-pznS3UxoMloXZy9QXtU6COvqm5lf5RMYnYaEmQiEbXb3CCjiuXtaP0hi_ybM5BqSBfogeJgA1fHEdaj3SgUS3u5TAe4_b5NE2jWiHR8I0/s1600/KVMarticle01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3khjAU7pMY1aJmmW6rp_sLoZRpGpJHCz-NM-pznS3UxoMloXZy9QXtU6COvqm5lf5RMYnYaEmQiEbXb3CCjiuXtaP0hi_ybM5BqSBfogeJgA1fHEdaj3SgUS3u5TAe4_b5NE2jWiHR8I0/s640/KVMarticle01.png" width="524" /></a></div>
<div style="text-align: center;">
<i><b>Figure 1 </b></i></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div style="text-align: justify;">
The figure above displays the networking data path traversal from the VM guests, all the way to the physical network/VLAN, when using the default virtual networking mode (NAT). Starting at the bottom of the figure, each guest has been assigned to a virtual network interface (vnetx). This is essentially a software implementation of an interface which is part of a virtual switch. At the other end of the virtual switch, a virtual bridge interface (virbr0) merges the traffic from the VMs and interfaces to the IPTABLES module which performs the actual NAT. At the end, you have the eth0 physical interface which carries the packets to the actual wire. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In this scenario, your guest OS will have outbound network connectivity. Should you wish to enable inbound network connectivity, you will fail. It is possible to perform other tricks and enable port forwarding/SNAT/DNAT to enable inbound connections. However, this is cumbersome. As a result, my definition of deploying a proper virtual server resembles the following aspects of a true physical server:</div>
<ul style="text-align: left;">
<li>You have a physical MAC address tied to a network/VLAN broadcast domain</li>
<li>You can deal with that MAC address in any way you would deal with a true physical NIC: ARP, assign a static IP, (static) DHCP, etc.</li>
<li>You can have unrestricted outbound and inbound network access within that network/VLAN broadcast domain, a must for a server system.</li>
</ul>
</div>
In order to achieve this, we need to employ the technique of interface bridging. For references on bridges, you can consult a variety of sources such as:<br />
i) The <a href="http://en.wikipedia.org/wiki/IEEE_802.1D" target="_blank">IEEE 802.1D standard</a><br />
ii) The older (out of date but still useful) <a href="http://www.tldp.org/HOWTO/html_single/Ethernet-Bridge-netfilter-HOWTO/" target="_blank">Ethernet Bridge + netfilter HOW TO</a> from TLDP.<br />
iii) A copy of A. S. Tanenbaum's classic textbook <a href="http://www.amazon.co.uk/Computer-Networks-Andrew-S-Tanenbaum/dp/8177581651/ref=sr_1_1?s=books&ie=UTF8&qid=1356445556&sr=1-1" target="_blank">Computer Networks</a>.<br />
However, prior to explaining how this works, let's throw in a realistic production environment scenario.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijBqoKlMV8LCd4g25jb6yDGdhyphenhyphenUArDpmCOsnykmGnKKL0pQs-yRZ0R3uTLnd7dXYRkkxdkZC99C-TcC2sFrLmsHvJsyMZO9dQ0ZwqeoangFYNYB0ulPNhGc0WHAt-oCq2QJWRES_jHmZok/s1600/KVMarticle02.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijBqoKlMV8LCd4g25jb6yDGdhyphenhyphenUArDpmCOsnykmGnKKL0pQs-yRZ0R3uTLnd7dXYRkkxdkZC99C-TcC2sFrLmsHvJsyMZO9dQ0ZwqeoangFYNYB0ulPNhGc0WHAt-oCq2QJWRES_jHmZok/s640/KVMarticle02.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div style="text-align: center;">
<i><b>Figure 2</b></i></div>
<br />
<div style="text-align: justify;">
Figure 2 displays the network topology of a production VM server scenario. There are two networks. One Class C internal (192.168.14.24), where hosts may or may not have outbound connectivity. Inbound connectivity to this network is prohibited by the top server which offers FTP, DMZ, FIREWALL, DHCP, and DNS services on the INTERNAL net. The other network is a world routable Class B (129.230/16). </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The VM host server needs to serve a number of virtual servers that have different network access criteria:</div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li><b>Guest_01</b>: Linux server to run a LAMP stack, exposed on the internal network.</li>
<li><b>Guest_02</b>: Development Windows 7 box, which needs to be accessible via non standard port ranges on the internal network, but also needs Internet access.</li>
<li><b>Guest_03</b>: Legacy <a href="http://en.wikipedia.org/wiki/SCADA" target="_blank">SCADA</a> Windows XP based system which needs to be accessible only via the internal network.</li>
</ul>
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
Clearly, Guest_01 is the least restricted system, so it makes sense to place it on the INTERNET/EXTERNAL Class B net. Guest_02 needs some protection so that outside hosts cannot reach it; it should only reach the outside world by means of IP Masquerading, using the public routable IP of the FTP/DMZ/FIREWALL/DHCP/DNS server (129.230.135.131). Thus, it's a candidate for the INTERNAL Class C net. The same goes for Guest_03, which is the most isolated environment we need to protect, accessible only by INTERNAL network hosts.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
At this point, it is useful to modify Figure 1 to illustrate the virtual network data path of our new scenario. </div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicvhh0jC4XKpQ-12866DGoUo6Mp0EBNcdDkTAztRHxm7FT87sLbH_LTF3twvpdYBnGst7htrD39KBwpJqEEdNS83jNqacXzZjsS58F64tenBag3aYAryopO81Lm0Y3kcD3zhPMxlLawPOs/s1600/KVMarticle03.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicvhh0jC4XKpQ-12866DGoUo6Mp0EBNcdDkTAztRHxm7FT87sLbH_LTF3twvpdYBnGst7htrD39KBwpJqEEdNS83jNqacXzZjsS58F64tenBag3aYAryopO81Lm0Y3kcD3zhPMxlLawPOs/s640/KVMarticle03.jpeg" width="490" /></a></div>
<div style="text-align: center;">
<i><b>Figure 3</b></i></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: justify;">
Figure 3 above illustrates the virtual network data path of our production scenario (Figure 2). In this case, instead of the virbr0 we have bridging modules bound to physical interfaces. Each physical interface is connected to the proper network/VLAN and has a bridge bound to it (we will illustrate how this is done). The role of the bridge is to create a data channel and forward traffic between the vnetx interfaces of the virtual switch and the physical interfaces. The objective is to enable the MAC address of the Guest_X machines to connect to the actual physical network/VLAN, as stated earlier. As a result, via bridge br3, we enable the virtual servers Guest_02 and Guest_03 for the internal network and via br4, we connect Guest_01 to the external world. </div>
<div style="text-align: justify;">
<br />
<h3 style="text-align: center;">
The practice</h3>
</div>
<div style="text-align: justify;">
The previous section presented the theory. It's time now for the hands-on practical part. First of all, if you are dealing with a fresh installation, make sure you yum install the following groups, in order to have the full range of virtualization utilities and install your guests.</div>
<code>
</code>
<br />
<div style="text-align: justify;">
<b><code>yum groupinstall Virtualization "Virtualization Client" "Virtualization Platform" "Virtualization Tools"</code></b></div>
<code>
</code>
<br />
<div style="text-align: justify;">
You should also install the bridge utilities, as they are needed:</div>
<code>
</code>
<br />
<div style="text-align: justify;">
<b><code>yum install bridge-utils</code></b></div>
<code>
</code>
<br />
<div style="text-align: justify;">
The next thing you should ensure is that you have enough physical network interfaces on your VM host server. In order to implement our production scenario, Figure 2 indicates clearly that we need four Ethernet NIC ports: Two of them (eth2, eth3) are used to enable the server to have IP connectivity and routing on both networks. In contrast, eth4 and eth5 will be dedicated to carry the virtual server traffic.<br />
<br />
We will <u><b>not</b></u> need IP addresses for interfaces eth4 and eth5. They will be brought up only to carry the bridged VM traffic. Make sure you identify the NIC ports properly and connect them to the proper network/VLAN Ethernet switch ports. To do that, you can remove their network cables and use the ethtool command to blink the NIC lights on the server side by doing a:<br />
<code>
<b>ethtool -p eth4</b><br />
</code>
<br />
and<br />
<code>
<b>ethtool -p eth5 </b></code><br />
<br />
to respectively identify the proper NIC ports. The next step is to connect them to the proper switch ports. In principle, once you identify the NIC port side with ethtool you should be OK. In practice, it is easy to make mistakes in messy/unlabelled network panels. Thus, after connecting the cables to the switch ports, one easy check is to bring the interface to promiscuous mode and watch for traffic indicating you are indeed on the right network/VLAN, by doing things like:<br />
<code>
<b>tcpdump -i eth4 </b></code><br />
<br />
and amongst the rest of the traffic, you would get something like the ARP or UDP broadcasts below confirming that eth4 is indeed on the internal network (Figures 2 and 3):<code></code><br />
<code><br /><b>tcpdump: WARNING: eth4: no IPv4 address assigned<br />tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br />listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes<br />16:51:47.089529 ARP, Request who-has intfn1.internal.net tell esxfarm.internal.net, length 46<br />16:51:47.407363 STP 802.1d, Config, Flags [none], bridge-id 8005.00:1e:14:e6:48:80.800a, length 43<br />16:51:49.936209 IP winsys01.internal.net.17500 > 255.255.255.255.17500: UDP, length 119<br />16:51:49.936588 IP winsys02.internal.net.17500 > 192.168.14.255.17500: UDP, length 119</b></code><br />
<br />
Now that the cables are connected properly we can start configuring the Ethernet bridges. A bridge is just another interface and the best way to configure this on a RHEL 6 system is by getting your hands dirty. Go right under the <b>/etc/sysconfig/network-scripts</b> directory and use your favourite text editor (vim, nano, Emacs) to make two files, one for each bridge interface device:<br />
<br />
<b>ifcfg-br3</b> with the following contents:<br />
<code>
<b>DEVICE=br3<br />BOOTPROTO=none<br />TYPE=Bridge<br />ONBOOT=yes<br />DELAY=0</b><br />
</code>
<br />
<b>ifcfg-br4</b> with the following contents:<br />
<code>
<b>DEVICE=br4<br />BOOTPROTO=none<br />TYPE=Bridge<br />ONBOOT=yes<br />DELAY=0</b><br />
</code>
<br />
<br />
This takes care of the bridge interface declaration. What's left is to associate the newly defined bridges with the right physical interface. Thus, under the same directory (/etc/sysconfig/network-scripts), we create two more files:<br />
<br />
<b>ifcfg-eth4</b> with the following contents:<br />
<code>
<b>DEVICE=eth4<br />HWADDR=00:10:18:31:5A:5B<br />NM_CONTROLLED=no<br />ONBOOT=yes<br />BRIDGE=br3</b></code><br />
<br />
<b>ifcfg-eth5</b> with the following contents:<br />
<code>
<b>DEVICE=eth5<br />HWADDR=00:10:18:19:4F:5C<br />NM_CONTROLLED=no<br />ONBOOT=yes<br />BRIDGE=br4</b></code><br />
<br />
In short, with these four files we ensure that we have a persistent config where all interfaces (bridges and physical ones) are up on boot and we associate br3 to eth4 and br4 to eth5 (Figure 3). Fans of the brctl utility could also achieve the same result by doing a:<br />
<br />
<code>
<b>brctl addbr br3<br />
brctl addif br3 eth4<br />
brctl addbr br4<br />
brctl addif br4 eth5</b></code><br />
<br />
At that point, it is good to issue a:<br />
<br />
<code>
<b>service network stop; service network start</b></code><br />
<br />
and check that the bridges and physical interfaces are up and available by issuing an ifconfig command. If all is well, you should see output like the one below (I have excluded some of the non relevant output for length reduction purposes):<br />
<br />
<code>
<b>br3 Link encap:Ethernet HWaddr </b></code><b><code><span style="color: red;"><code>00:10:18:31:5A:5B</code></span> <br /> inet6 addr: fe80::210:18ff:fe31:5a4b/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:386265 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:0 <br /> RX bytes:46672357 (44.5 MiB) TX bytes:578 (578.0 b)<br /><br />br4 Link encap:Ethernet HWaddr </code><code><span style="color: magenta;"><code><code><code>00:10:18:19:4F:5C</code></code></code></span> </code></b><br />
<b><code> inet6 addr: fe80::210:18ff:fe19:4f33/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:616409 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:0 <br /> RX bytes:58946648 (56.2 MiB) TX bytes:578 (578.0 b)<br />...<br /><br />eth4 Link encap:Ethernet HWaddr </code><code><code></code><span style="color: red;"><code><code>00:10:18:31:5A:5B</code></code></span> <br /> inet6 addr: fe80::210:18ff:fe31:5a4b/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:600933 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:128158 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:1000 <br /> RX bytes:270119283 (257.6 MiB) TX bytes:10497306 (10.0 MiB)<br /> Interrupt:16 <br /><br />eth5 Link encap:Ethernet HWaddr </code></b><code><b><span style="color: magenta;"><code><code><code><code>00:10:18:19:4F:5C</code></code></code></code></span> <br /> inet6 addr: fe80::210:18ff:fe19:4f33/64 Scope:Link<br /> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<br /> RX packets:708614 errors:0 dropped:0 overruns:0 frame:0<br /> TX packets:9547 errors:0 dropped:0 overruns:0 carrier:0<br /> collisions:0 txqueuelen:1000 <br /> RX bytes:96954226 (92.4 MiB) TX bytes:986694 (963.5 KiB)<br /> Interrupt:16 <br /><br />...</b></code></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note that all relevant interfaces are up and do not have an IP address. The second thing you should note is that each bridge interface has the same MAC address as the physical interface it is associated with.<br />
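A check for the layout described above, as an added example that is not part of the original article: the script parses the ifcfg files as data and reports a bridge or bridge port that carries an IP configuration, a BRIDGE= reference to an undefined bridge, and a bridge with other than one enslaved NIC. The function names, the eth6/eth7 files and the 192.0.2.10 address are constructed for illustration, and it assumes each device's file is named ifcfg-&lt;DEVICE&gt; as in the article.

```shell
#!/bin/sh
# Added example: audit RHEL-style ifcfg-* files against the bridged layout above.
# The files are parsed as data; they are never sourced.

# Print KEY's value from FILE (last assignment wins), quotes and blanks stripped.
ifcfg_get() {  # ifcfg_get FILE KEY
    [ -f "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Succeed when FILE would give the interface a layer-3 address.
has_ip_config() {  # has_ip_config FILE
    [ -n "$(ifcfg_get "$1" IPADDR)" ] && return 0
    case $(ifcfg_get "$1" BOOTPROTO | tr 'A-Z' 'a-z') in
        dhcp|bootp) return 0 ;;
    esac
    return 1
}

# Print one finding and count it.
finding() {
    echo "$1"
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
}

# Audit every ifcfg-* file in DIR; returns 0 only when nothing was found.
audit_bridges() {  # audit_bridges DIR
    AUDIT_FINDINGS=0
    for _f in "$1"/ifcfg-*; do
        [ -f "$_f" ] || continue
        _dev=$(ifcfg_get "$_f" DEVICE)
        [ -n "$_dev" ] || _dev=${_f##*/ifcfg-}
        _br=$(ifcfg_get "$_f" BRIDGE)
        if [ -n "$_br" ]; then
            # A bridge port only carries guest frames; it needs no address.
            if has_ip_config "$_f"; then
                finding "$_dev: bridge port has an IP configuration"
            fi
            # Assumption: the bridge is declared in ifcfg-<bridge name>.
            if [ "$(ifcfg_get "$1/ifcfg-$_br" TYPE)" != Bridge ]; then
                finding "$_dev: BRIDGE=$_br but ifcfg-$_br does not declare TYPE=Bridge"
            fi
        fi
        if [ "$(ifcfg_get "$_f" TYPE)" = Bridge ]; then
            # In this layout the host gets its addresses on eth2/eth3, not on the bridges.
            if has_ip_config "$_f"; then
                finding "$_dev: bridge has an IP configuration"
            fi
            _ports=0
            for _g in "$1"/ifcfg-*; do
                if [ "$(ifcfg_get "$_g" BRIDGE)" = "$_dev" ]; then
                    _ports=$((_ports + 1))
                fi
            done
            if [ "$_ports" -ne 1 ]; then
                finding "$_dev: $_ports NICs enslaved in ifcfg files, expected exactly 1"
            fi
        fi
    done
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# The four files from the article (values as shown on the page).
write_page_layout() {  # write_page_layout DIR
    for _b in br3 br4; do
        printf 'DEVICE=%s\nBOOTPROTO=none\nTYPE=Bridge\nONBOOT=yes\nDELAY=0\n' "$_b" > "$1/ifcfg-$_b"
    done
    printf 'DEVICE=eth4\nHWADDR=00:10:18:31:5A:5B\nNM_CONTROLLED=no\nONBOOT=yes\nBRIDGE=br3\n' > "$1/ifcfg-eth4"
    printf 'DEVICE=eth5\nHWADDR=00:10:18:19:4F:5C\nNM_CONTROLLED=no\nONBOOT=yes\nBRIDGE=br4\n' > "$1/ifcfg-eth5"
}

# Constructed deviations (not from the article): an addressed port, a second
# NIC on br3, and a port pointing at a bridge that is not defined.
write_bad_layout() {  # write_bad_layout DIR
    write_page_layout "$1"
    printf 'IPADDR=192.0.2.10\nNETMASK=255.255.255.0\n' >> "$1/ifcfg-eth5"
    printf 'DEVICE=eth6\nONBOOT=yes\nBRIDGE=br3\n' > "$1/ifcfg-eth6"
    printf 'DEVICE=eth7\nONBOOT=yes\nBRIDGE=br9\n' > "$1/ifcfg-eth7"
}

# Demo on the constructed deviations.
demo_dir=$(mktemp -d)
write_bad_layout "$demo_dir"
audit_bridges "$demo_dir" || echo "$AUDIT_FINDINGS finding(s)"
rm -rf "$demo_dir"
```

On the VM host the call would be audit_bridges /etc/sysconfig/network-scripts. A second NIC on br3 matters because the host would then forward frames between the two physical segments at layer 2.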
<br />
If you have reached that point, you are almost done. What you need to do now is to build your virtual machines. I assume you are familiar with how to build VMs on virt-manager. If not, I have written a <a href="http://epistolatory.blogspot.no/2010/11/rhel-6-part-ii-installation-of-rhel-6.html" target="_blank">quick summary of the procedures</a>. Alternatively, if you have already existing VMs, you could reconfigure their networking to use the bridge interfaces. <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiHuYtSfvriaSSo8cpOjbJd_gIV-lN-cWAnv_2Ossn7XoTdFWjVnV3BtBPWvQcZIaGBPzqi3YvREt2cZsMZau0K-zCHTe1DIpd0Tq3GJMeVfDuRUaclUoVI7XWgiLrIHxp_-327nScgM_K/s1600/KVMarticle04.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="576" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiHuYtSfvriaSSo8cpOjbJd_gIV-lN-cWAnv_2Ossn7XoTdFWjVnV3BtBPWvQcZIaGBPzqi3YvREt2cZsMZau0K-zCHTe1DIpd0Tq3GJMeVfDuRUaclUoVI7XWgiLrIHxp_-327nScgM_K/s640/KVMarticle04.jpeg" width="640" /></a></div>
<div style="text-align: center;">
<i><b>Figure 4</b></i></div>
<br />
Figure 4 above illustrates the network config for Guest_02. Make sure that the 'Source device' is one of the available vnet interfaces that connects to br3 and apply the changes. You can do the same for the rest of the virtual server VMs. When you are done, you can check the final configuration with the brctl utility by doing a:<br />
<br />
<code>
<b>brctl show</b></code><br />
<br />
and you should get output similar to the one below:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIw1wXqLJvU3VPdpatE-gUnayIyy6XtY5TPXpCVGewNc56EDyck49IqBTzKGgg2r2vfKkOyVRV3lD-VGG6LY-d_ABwIoJmP_xc_Eup4aDLPLlkgq6dQK0nqdBy7u1o7vGqZHkBOmNDwF7V/s1600/KVMarticle05.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="131" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIw1wXqLJvU3VPdpatE-gUnayIyy6XtY5TPXpCVGewNc56EDyck49IqBTzKGgg2r2vfKkOyVRV3lD-VGG6LY-d_ABwIoJmP_xc_Eup4aDLPLlkgq6dQK0nqdBy7u1o7vGqZHkBOmNDwF7V/s640/KVMarticle05.jpeg" width="640" /></a></div>
<div style="text-align: center;">
<i><b>Figure 5</b></i></div>
<br />
Note the interfaces column, which should correctly list all the physical and vnet interfaces associated with each bridge. When you fire up any of the virtual servers, you should be able to see it with its vnet interface's MAC address on the virtual network. Let's take Guest_02 as an example. From our VM host server console, we type:<br />
<br />
<code>
<b>[root@vmserver ~]# ping win01 <br />
PING win01.internal.net (192.168.14.23) 56(84) bytes of data.<br />64 bytes from win01.internal.net (192.168.14.23): icmp_seq=1 ttl=128 time=2.13 ms<br />64 bytes from win01.internal.net (192.168.14.23): icmp_seq=2 ttl=128 time=0.518 ms<br />^C<br />--- win01.internal.net ping statistics ---<br />2 packets transmitted, 2 received, 0% packet loss, time 1360ms<br />rtt min/avg/max/mdev = 0.518/1.324/2.131/0.807 ms<br />[root@vmserver ~]# arp -a | grep win01<br />
win01.internal.net (192.168.14.23) at 52:54:00:28:23:af [ether] on eth2</b><br /><br />
</code>
Note Guest_02's MAC address from Figure 4. That's the one replying and bridged into the internal network. This means that for all intents and purposes, Guest_02 is just another server on the internal network. Mission accomplished.<br />
<br />
Happy KVM sponsored virtual server hosting!</div>
<div style="text-align: justify;">
</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com11tag:blogger.com,1999:blog-2248117304334958898.post-78964432803972655502012-08-03T10:52:00.004-07:002012-12-25T11:06:00.443-08:00The bioinformatics sysadmin craftmanship: An EMBOSS 6.5 production server install: Part 2: EMBOSS database access setup<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6grpX_wrtRVBg6eoseRCGhK2cc0GrKTRKcPMI8MKyVyBc9lQsdegPNNU6_z5aVGhEJAdlT2KfnCrWCQ4-1wtBKd6kVlBjiRnUWQsZe3_cAMzrmcLT1YsT6iVrwhpPvJphiIhb0zpl21Bm/s1600/emboss.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6grpX_wrtRVBg6eoseRCGhK2cc0GrKTRKcPMI8MKyVyBc9lQsdegPNNU6_z5aVGhEJAdlT2KfnCrWCQ4-1wtBKd6kVlBjiRnUWQsZe3_cAMzrmcLT1YsT6iVrwhpPvJphiIhb0zpl21Bm/s400/emboss.jpg" width="400" /></a></div>
<h3 style="text-align: left;">
<span class="st">EMBOSS Database configuration</span></h3>
<span class="st"><a href="http://epistolatory.blogspot.no/2012/07/a-linux-emboss-65-production-server.html" target="_blank">Part 1</a> of this article series covered a basic installation of EMBOSS from sources. The
configuration of EMBOSS databases merits a separate part of its own, as
it requires some knowledge of the indexing process and the various
mechanisms to download and index flat file databases. Correspondence
from the EMBOSS mailing list shows that this is a topic that frequently
confuses users and admins. Thus, we are going to take a detailed look
at it.</span><br />
<br />
<h3 style="text-align: left;">
Remote data access methods and the emboss.default file</h3>
<span class="st">If
you would like a recap of what a flatfile database is and what EMBOSS
can do for you in terms of accessing indexed flatfile databases, you
might like to take a look at some of the lectures I have given on the
subject (<a href="http://folk.uio.no/georgios/other/mrskurs.pdf" target="_blank">slides</a>,
video). EMBOSS is not the fastest and most efficient way to index your
flatfile databases. You should look at something like <a href="http://epistolatory.blogspot.no/2011/12/bioinformatics-sysadmin-craftmanship.html" target="_blank">MRS</a> and similar
systems to have a more efficient way to index and perform comprehensive
queries on flatfile databases. In fact, EMBOSS can access MRS indexed
databases and in my opinion, this is better than a pure EMBOSS index
system in many respects (speed of indexing/querying the index,
storage efficiency etc). Nevertheless, EMBOSS does its job and this
section describes only the process of indexing flatfile databases by
using exclusively EMBOSS utilities.</span><br />
<br />
<span class="st">One thing you need to understand is that in order to have access to indexed flatfile databases, you do not always have to index them locally. The EMBOSS applications support a variety of remote data retrieval methods to many useful datasets. Amongst the most popular of them we have:</span><br />
<ul style="text-align: left;">
<li><span class="st"><b>MRS methods (mrs, mrs3 and mrs4)</b>: These allow you to search an MRS based index on a local or remote server.</span></li>
</ul>
<ul style="text-align: left;">
<li><span class="st"><b>DBFETCH method (dbfetch)</b>: Supported by <a href="http://www.ebi.ac.uk/Tools/dbfetch/dbfetch/" target="_blank">servers at EBI</a>. </span></li>
</ul>
<ul style="text-align: left;">
<li><span class="st"><b>WSDBFETCH method (wsdbfetch)</b>: A <a href="http://www.ebi.ac.uk/Tools/webservices/services/dbfetch" target="_blank">SOAP based EBI service</a> similar to the DBFETCH method.</span></li>
</ul>
<ul style="text-align: left;">
<li><span class="st"><b>BIOMART method (biomart)</b>: Using the <a href="http://www.biomart.org/index.html" target="_blank">Biomart service</a>. </span></li>
</ul>
<div>
<br />
<div>
<span class="st">To understand how to engage/activate these different data access methods, you will need to become familiar with the 'emboss.default' file. <a href="http://epistolatory.blogspot.no/2012/07/a-linux-emboss-65-production-server.html" target="_blank">Part 1</a> of this article mentioned that the EMBOSS installation directory was under /usr/lsc/emboss. You will need to navigate to the following directory:</span><br />
<span class="st"><br /></span>
<i><b><span class="st">/usr/lsc/emboss/share/EMBOSS</span></b></i><br />
<span class="st"><br /></span>
<span class="st">When you install EMBOSS for the first time in your system, you will see amongst others two files:</span><br />
<br />
<ul style="text-align: left;">
<li><span class="st"><b>The 'emboss.default.template' file</b>: This is a sample configuration file which shows the EMBOSS admin how to define databases. We will explain more in the process, but you can use this file as a reference to see many examples of how to configure properly various types of EMBOSS databases.</span></li>
<li><span class="st"><b>The emboss.standard file</b>: This file also contains valid EMBOSS database configuration entries. However, the database definitions are included by default in your current setup.</span></li>
</ul>
<span class="st">The idea is that you have some default entries in the emboss.standard file which are included in your database list. So, if on your shell you issue a:</span><br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">showdb</span></b></i></div>
<br />
<span class="st">you will immediately get the following list of database entries by default:</span><br />
<br />
<i style="font-family: "Courier New",Courier,monospace;"><b>Display information on configured databases<br /># Name Type ID Qry All Comment<br /># ============= ======== == === === =======<br />taxon Taxonomy OK OK OK -<br />drcat Resource OK OK OK -<br />chebi Obo OK OK OK -<br />eco Obo OK OK OK -<br />edam Obo OK OK OK -<br />edam_data Obo OK OK OK -<br />edam_format Obo OK OK OK -<br />edam_identifier Obo OK OK OK -<br />edam_operation Obo OK OK OK -<br />edam_topic Obo OK OK OK -<br />go Obo OK OK OK -<br />go_component Obo OK OK OK -<br />go_function Obo OK OK OK -<br />go_process Obo OK OK OK -<br />pw Obo OK OK OK -<br />ro Obo OK OK OK -<br />so Obo OK OK OK -<br />swo Obo OK OK OK -</b></i><br />
<br />
<br />
<span class="st">If you wish to define any additional databases beyond this default list, you should create an emboss.default file, using the file 'emboss.default.template' as your reference (we are going to explain how shortly). </span></div>
<div>
<br />
<span class="st">For now let's focus on these default databases defined by the emboss.standard file. They are a good example of how the new EMBOSS 6.5 enables remote data access from a variety of global public servers out of the box (I assume your Internet connection is working, right?). Let's use the <a href="http://edamontology.org/#1.1" target="_blank">EDAM ontology</a> to retrieve data about an identifier. To do that I choose the <a href="http://emboss.sourceforge.net/apps/cvs/emboss/apps/ontotext.html" target="_blank">ontotext EMBOSS application</a> and I type:</span><br />
<div style="font-family: inherit;">
<span class="st">ontotext edam_data:0849</span></div>
<div style="font-family: inherit;">
<br /></div>
<div style="font-family: inherit;">
<span class="st">The resulting file (0849.ontotext) contains the info which is retrieved from available servers. Let's take a look at the emboss.standard file to see how the edam_data database is defined:</span></div>
<div style="font-family: inherit;">
<br /></div>
<div style="font-family: inherit;">
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>DB edam_data [<br /> type: "obo"<br /> format: "obo"<br /> method: "emboss"<br /> dbalias: "edam"<br /> namespace: "data|identifier"<br /> indexdirectory: "$emboss_standard/index"<br /> directory: "$emboss_standard/data"<br /> field: "id ! identifier without the prefix"<br /> field: "acc ! full name and any alternate identifier(s)"<br /> field: "nam ! words in the name"<br /> field: "isa ! parent identifier from is_a relation(s)"<br /> field: "des ! words in the description"<br /> field: "ns ! namespace"<br /> field: "hasattr ! identifier(s) from has_attribute relation(s)"<br /> field: "hasin ! identifier(s) from has_input relation(s)"<br /> field: "hasout ! identifier(s) from has_output relation(s)"<br /> field: "isid ! identifier(s) from is_identifier_of relation(s)"<br /> field: "isfmt ! identifier(s) from is_format_of relation(s)"<br /> field: "issrc ! identifier(s) from is_source_of relation(s)"<br />]</b></i><br />...</span></div>
<div style="font-family: inherit;">
<br /></div>
<div style="font-family: inherit;">
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>RES edamresource [<br /> type: "Index"<br /> fields: "id acc nam isa des ns hasattr hasin hasout<br /> isid isfmt issrc"<br /> acclen: "80"<br /> namlen: "32"<br /> deslen: "30"<br /> accpagesize: "8192"<br /> despagesize: "4096"<br />]</b></i><br /> </span></div>
<div style="font-family: inherit;">
<br /></div>
<div style="font-family: inherit;">
<span class="st">In general, an EMBOSS database definition has two main parts:</span></div>
<ul style="text-align: left;">
<li><span class="st"><b>The DB definition part</b>: It defines the name, type, format, access method and various fields of the database record.</span></li>
<li><span class="st"><b>The RES (resource definition) part</b>: Where the length of the various record fields is defined in the index. (<i>note that RES definitions are normally found towards the end of the file</i>). </span></li>
</ul>
<div style="font-family: inherit;">
<span class="st">The DB and RES fields go together for each database definition. In addition, for remote data access methods, a SERVER definition might be necessary to enable access to remote information repositories.</span></div>
</div>
<div>
<span class="st"><b>Step 9:</b> The 'emboss.default' file does not yet exist, so create it under the directory where the emboss.default.template file resides. From now on, you will be editing the emboss.default file to define all aspects of the EMBOSS database configuration. Start with a minimal file like the one below:</span><br />
<br />
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>#############################################<br /># EMBOSS environment variables<br />#############################################<br /><br />SET emboss_tempdata /usr/lsc/emboss/share/EMBOSS/test<br /><br />DB martensembl [<br /> method: "biomart"<br /> type: "P"<br /> url: "http://www.biomart.org:80/biomart/martservice"<br /> dbalias: "hsapiens_gene_ensembl"<br /> format: "biomart"<br /> filter: "chromosome_name=13"<br /> sequence: "peptide"<br /> return: "ensembl_gene_id,description,external_gene_id,chromosome_name"<br />]</b></i><br /> </span><br />
<span class="st">As shown here, we have defined the database 'martensembl', which can retrieve entries remotely from the Homo sapiens Ensembl gene repository. Save the file and go back to your shell. You can repeat the '<i style="font-family: "Courier New",Courier,monospace;"><b>showdb</b></i>' command and verify that you can see the newly defined martensembl database. Now, test it by typing:</span><br />
<span class="st"><br /></span>
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">seqret martensembl:ENST00000380152</span></b></i></div>
<span class="st"><br /></span>
<span class="st">The resulting fasta file should contain the info you require, and it came all the way from the remote Biomart server. Congratulations, you just set up your first remote database access in EMBOSS!</span><br />
<span class="st"><br /></span>
<span class="st">Browsing remote access repositories is a good idea and the EMBOSS team was right to enable the functionality in EMBOSS. However, accessing remote datasets does not always work very well if:</span><br />
<br />
<ul style="text-align: left;">
<li><span class="st">You go into a place where Internet availability is sketchy or of limited bandwidth capacity.</span></li>
<li><span class="st">The datasets you need to access involve millions of sequences or Gigabytes of information. </span></li>
</ul>
<span class="st">In these cases, your only reliable option is to set up a database locally and make a flatfile database index. This is explained in the next section. </span></div>
<div>
<span class="st"><br />
</span><br />
<br />
<h3 style="text-align: left;">
<span class="st">How to define a local flatfile database index </span></h3>
<span class="st">What was said in the previous section about the main parts of an EMBOSS database definition in the emboss.standard file also applies to the emboss.default file. Let's give an example of how you can format the latest Uniprot/sprot database, in three steps:</span><br />
<span class="st"><br /></span>
<br />
<ul style="text-align: left;">
<li><span class="st"><b>Step A</b>: Download and uncompress the latest file into your flatfile index area, a directory where you should have plenty of space to hold your flatfiles and the produced indices of your datasets. The file lies <a href="ftp://ftp.ebi.ac.uk/pub/databases/uniprot/current_release/knowledgebase/complete/uniprot_sprot.dat.gz" target="_blank">here</a> (EBI FTP server). On the command line, you could do a: </span></li>
</ul>
<div style="font-family: "Courier New",Courier,monospace; text-align: center;">
<span style="font-size: small;"><i><b><span class="st">wget ftp://ftp.ebi.ac.uk/pub/databases/uniprot/current_release/knowledgebase/complete/uniprot_sprot.dat.gz</span></b></i></span></div>
<div style="text-align: center;">
<span style="font-size: small;"><span class="st">followed by a:</span></span></div>
<div style="font-family: "Courier New",Courier,monospace; text-align: center;">
<i><b><span style="font-size: small;"><span class="st">gunzip uniprot_sprot.dat.gz</span></span></b></i></div>
<div style="text-align: center;">
<span style="font-size: small;"><span class="st"><br /></span></span></div>
<div style="text-align: left;">
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><span style="font-size: small;"><span class="st"><b>Step B</b>: Update the 'emboss.default' file by adding a database definition, as well as a resource definition, as shown below:</span></span></span></li>
</ul>
<i><b><span style="font-family: "Courier New",Courier,monospace; font-size: small;"><span class="st">SET emboss_database_dir /storage/tools/embossdbs<br />SET emboss_db_dir /storage/tools/embossdbs</span></span></b></i></div>
<div style="text-align: left;">
<span style="font-size: small;"><span class="st"><i><b><span style="font-family: "Courier New",Courier,monospace;">DB sprot [</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> type: P</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> method: emboss</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> release: "57.1"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> format: swiss</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> fields: "id acc sv des key org"</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> directory: $emboss_db_dir/uniprotsprotfiles</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> file: *.dat</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> indexdirectory: $emboss_db_dir/uniprotsprotfiles</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> comment: "UniProtKB/Swiss-Prot Latest Release "</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">]</span><br style="font-family: "Courier New",Courier,monospace;" /><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">RES sprot [</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> type: Index</span><br 
style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> idlen: 15</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> acclen: 15</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> svlen: 20</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> keylen: 85</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> deslen: 75</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> orglen: 75</span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;">]</span></b></i></span></span></div>
<div style="text-align: left;">
<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span class="st">The first two lines are optional and provide an alias for the directory locations where you have uncompressed the flatfile and you are going to produce the index. After that you have the database (DB sprot) definition. It is a protein sequence database (type: P). The fields specification is important. It lists all the indices that are going to be produced. So, we know that we will be able to search the database by sprot IDs (id), accession number (acc), sequence version (sv), descriptive text from the sequence header (des), keyword (key) and taxonomy info (org). </span></span></span></div>
<div style="text-align: left;">
<span style="font-family: inherit;"><span style="font-size: small;"><span class="st"><br /></span></span></span></div>
<div style="text-align: left;">
<span style="font-family: inherit;"><span style="font-size: small;"><span class="st">Each of these index fields has a defined length as part of the associated RES (resource definition) entry. Note that it is important to define both the DB and the RES blocks. If you do not (for example, if you forget to define the RES record), the EMBOSS applications will complain with an error message similar to this one until you resolve the issue:</span></span></span><br />
</div>
<div style="text-align: left;">
<div style="font-family: "Courier New",Courier,monospace; text-align: center;">
<i><b><span style="font-size: small;"><span class="st">EMBOSS An error in ajnam.c at line 9126:<br />unknown resource 'sprot'</span></span></b></i></div>
<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span class="st">For now, save the file and do a showdb to verify that you can see the 'sprot' database. If you have omitted or misconfigured any important parts of the definition, the command should complain with informative errors.</span></span></span><br />
<br />
<ul style="text-align: left;">
<li><span style="font-size: small;"><span class="st"><b>Step C</b>: Produce the index. Go to the directory where you have your uncompressed flatfile (.dat) (in my case this is under /storage/tools/embossdbs/uniprotsprotfiles) and type the following emboss command: <i style="font-family: "Courier New",Courier,monospace;"><b style="font-family: "Courier New",Courier,monospace;">dbxflat -outfile uniprotsprotout -directory /storage/tools/embossdbs</b><b>/uniprotsprotfiles -idformat SWISS -filenames '*.dat' -fields id,acc,sv,des,key,org -compressed N -dbname sprot -dbresource sprot -release 2012_07 -date 03/08/12 </b></i></span></span></li>
</ul>
<span style="font-size: small;"><span class="st"> You will need to wait a bit, as the system takes its time to crunch the index. </span></span></div>
<div style="text-align: left;">
<span style="font-size: small;"><span class="st"><br /></span></span>
<span style="font-size: small;"><span class="st">If all goes well, you should see the following index files in your directory where your flatfile lies:</span></span><br />
<span style="font-size: small;"><span class="st"><br /><i style="font-family: "Courier New",Courier,monospace;"><b>-rw-r--r--. 1 root root 103 2012-08-03 19:28 sprot.ent<br />-rw-r--r--. 1 root root 299 2012-08-03 19:36 sprot.pxac<br />-rw-r--r--. 1 root root 301 2012-08-03 19:36 sprot.pxde<br />-rw-r--r--. 1 root root 295 2012-08-03 19:36 sprot.pxid<br />-rw-r--r--. 1 root root 297 2012-08-03 19:36 sprot.pxkw<br />-rw-r--r--. 1 root root 295 2012-08-03 19:36 sprot.pxsv<br />-rw-r--r--. 1 root root 299 2012-08-03 19:36 sprot.pxtx<br />-rw-r--r--. 1 root root 63M 2012-08-03 19:36 sprot.xac<br />-rw-r--r--. 1 root root 259M 2012-08-03 19:36 sprot.xde<br />-rw-r--r--. 1 root root 40M 2012-08-03 19:36 sprot.xid<br />-rw-r--r--. 1 root root 161M 2012-08-03 19:36 sprot.xkw<br />-rw-r--r--. 1 root root 38M 2012-08-03 19:36 sprot.xsv<br />-rw-r--r--. 1 root root 264M 2012-08-03 19:36 sprot.xtx<br />-rw-r--r--. 1 root root 2,5G 2012-08-03 19:26 uniprot_sprot.dat<br />-rw-r--r--. 1 root root 758 2012-08-03 19:36 uniprotsprotout</b></i></span></span><br />
<span style="font-size: small;"><span class="st"><br /></span></span>
<span style="font-size: small;"><span class="st">and you should be able to test your new database. For instance, to obtain all sequences that have the word influenza in the description index from your current sprot release, you could type:</span></span><br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span style="font-size: small;"><span class="st">seqret sprot-des:influenza</span></span></b></i></div>
<br />
<span style="font-size: small;">The same procedure could be used for nucleotide databases (type: N). Remember, you have the emboss.default.template as your guide. I hope you now have a better understanding of how you can set up local databases in EMBOSS.</span><br />
<br /></div>
</div>
</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com1tag:blogger.com,1999:blog-2248117304334958898.post-86198497941001545692012-07-31T05:32:00.001-07:002012-08-03T11:08:21.000-07:00The bioinformatics sysadmin craftmanship: An EMBOSS 6.5 production server install: Part 1: Installing from sources<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6grpX_wrtRVBg6eoseRCGhK2cc0GrKTRKcPMI8MKyVyBc9lQsdegPNNU6_z5aVGhEJAdlT2KfnCrWCQ4-1wtBKd6kVlBjiRnUWQsZe3_cAMzrmcLT1YsT6iVrwhpPvJphiIhb0zpl21Bm/s1600/emboss.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="129" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6grpX_wrtRVBg6eoseRCGhK2cc0GrKTRKcPMI8MKyVyBc9lQsdegPNNU6_z5aVGhEJAdlT2KfnCrWCQ4-1wtBKd6kVlBjiRnUWQsZe3_cAMzrmcLT1YsT6iVrwhpPvJphiIhb0zpl21Bm/s400/emboss.jpg" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
Every 15th of July, the EMBOSS team at EBI releases a fresh version of the <span class="st"><a href="http://www.emboss.org/" target="_blank">European Molecular Biology Open Software Suite (EMBOSS)</a>. Started and shaped by the <a href="http://www.embnet.org/" target="_blank">EMBnet community</a>, EMBOSS is one of the most versatile systems to perform sequence analysis and a variety of bioinformatics pipeline tasks, as it copes with a variety of file formats and contains a plethora of applications. </span><br />
<br />
Most of the procedures outlined here are described in more detail by the '<a href="http://www.amazon.com/EMBOSS-Users-Guide-Practical-Bioinformatics/dp/0521607256" target="_blank">EMBOSS User's Guide: Practical Bioinformatics</a>' book, written by the EMBOSS authoring team. While this is an excellent publication, books quickly get out of date as software evolves. In addition, the <a href="http://emboss.sourceforge.net/admin/#admin" target="_blank">on-line EMBOSS administration documentation</a> is out of date. As a result, I felt that this two part article series (<span class="st"><a href="http://epistolatory.blogspot.no/2012_08_01_archive.html" target="_blank">Part 2</a> covers the task of enabling data access in EMBOSS, including local flatfile database setup</span>) would be a quick startup guide for those who have to administer EMBOSS installations.<br />
<br />
<span class="st">This year the version clock has turned into 6.5. In this Part, I shall be going through an installation from the sources on a production Linux server, covering all aspects of the system configuration, including the formatting of databases. There might be binary/prebuilt packages available for your Linux distribution. However, I always maintain the principle of building the latest binaries from the sources. This gives you the latest and the greatest with a little bit of extra effort.</span><br />
<br />
<span class="st">Most of the steps below can be automated with simple scripts. However, the process of going through a manual installation of EMBOSS should make you aware of the different system components. Once you have an understanding of the system, it is then wise to automate/script these steps. </span><br />
<br />
<h3 style="text-align: left;">
<span class="st">What kind of hardware you will need</span><span class="st"> </span></h3>
<div style="text-align: left;">
<span class="st">EMBOSS is a fairly modest system to install in terms of hardware requirements. The only thing that can draw the hardware envelope is how much data you would like to index. If your server should host/index the entire EMBL/Genbank databases, you will need plenty of disk space (I advise you to have at least 3-4 Tbytes to spare, yes you read right). </span></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span class="st">Memory and CPU wise, 8 cores with 32-64 Gigs of RAM should be enough to keep most user loads happy (30-40 users) on a production server setup. What you do draws the map for the hardware requirements. If you are trying to do a global alignment of large sequences, you might easily eat up 64 Gigs of RAM. In contrast, basic sequence processing could also be performed on a dual core laptop with 4 Gigs of RAM. By and large, the figures I suggest here should meet most requirements. If you have the task of speccing an EMBOSS server, your best bet is to talk to your scientists and ask what sort of operations they will be performing, to get an accurate picture of the hardware specs. </span></div>
<div style="text-align: left;">
<span class="st"><br /></span></div>
<div style="text-align: left;">
<span class="st"><br /></span></div>
<h3 style="text-align: left;">
<span class="st">The downloading of the sources</span></h3>
<span class="st">Prior to starting, I ensure that my Linux system has most of the development libraries installed. Some EMBOSS applications can be sensitive to missing libraries like libpng, libjpeg, etc. You will also need to ensure that you have your C/C++ compilers installed (gcc/g++). </span><br />
<br />
<span class="st">EMBOSS is a large system. Apart from the core EMBOSS packages, there is an entire array of third party applications that are bundled together with the EMBOSS core applications (some examples: <a href="http://evolution.genetics.washington.edu/phylip/phylipweb.html" target="_blank">PHYLIP</a>, <a href="http://meme.sdsc.edu/meme/intro.html" target="_blank">MEME</a>, <a href="http://www.ebi.ac.uk/Tools/pfa/iprscan/" target="_blank">IPRSCAN</a>). These are the EMBASSY tools. This is a detail for most users, who collectively refer to the entire package as EMBOSS. However, when you go to download the source EMBOSS tarball, it does not contain these additional packages. This means that if you want to have the full array of EMBOSS/EMBASSY applications, you will have to go through the following steps:</span><br />
<span class="st"><br /></span><br />
<span class="st">1)I go to the main <a href="ftp://emboss.open-bio.org/pub/EMBOSS/" target="_blank">EMBOSS FTP download server</a> and download the latest EMBOSS tarball (normally named emboss-latest.tar.gz). In my case, it points to EMBOSS-6.5.7. </span><br />
<span class="st"><br />2)After downloading this to my source dir, I unpack it by doing a:</span><br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">tar -xvzf EMBOSS-6.5.7.tar.gz</span></b></i></div>
<span class="st"><br /></span><br />
<span class="st">3)I then cd to the EMBOSS-6.5.7 dir and at the top level of the sources, I do a:</span><br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">mkdir embassy</span></b></i></div>
<span class="st"><br /></span><br />
<span class="st">4)Under the newly created embassy directory, I then download the tarballs of the EMBASSY packages (version info will vary, but the base name of each package should be more or less the same): CBSTOOLS, CLUSTALOMEGA, DOMAINATRIX, DOMALIGN, DOMSEARCH, EMNU, ESIM4, HMMER, IPRSCAN, MEME, MSE, PHYLIPNEW, SIGNATURE, STRUCTURE, TOPO, VIENNA.</span><br />
<span class="st">I unpack each of the tarballs with the same command as step 2 under the embassy subdirectory. Once I am done, I can delete the remaining *.tar.gz files. </span><br />
<span class="st"><br /></span><br />
<span class="st">5)At this point, it might be wise to create a tarball with all the sources properly laid out under the embassy subdirectory by going above the EMBOSS-6.5.7 directory and doing a:</span><br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">tar -cvf embossembassy65.tar EMBOSS-6.5.7/</span></b></i></div>
<br />
<span class="st">This will create the file embossembassy65.tar. This is handy in case you wish to erase the whole source tree and start from scratch, or repeat the installation on other systems, without having to go through steps 1-4 again to assemble the source tree.</span><br />
<br />
<br />
<h3 style="text-align: left;">
<span class="st">Configure and compile</span></h3>
<span class="st">We are now ready to start configuring the various packages and eventually compiling them into the EMBOSS/EMBASSY binary applications we shall be using. In my system, I choose that the directory holding the binaries and the produced libraries should be under:</span><br />
<br />
<span class="st">/usr/lsc/emboss</span><br />
<br />
<span class="st">You are free to choose what you wish on your system. </span><br />
<br />
<span class="st">6)Thus, I cd into the top level of the EMBOSS-6.5.7 directory and I issue a:</span><br />
<div style="font-family: "Courier New",Courier,monospace;">
<i><b><span class="st">./configure --prefix=/usr/lsc/emboss &amp;&amp; make &amp;&amp; make install</span></b></i></div>
<br />
<span class="st">In one sentence, this tells the configure process where to place the produced files and instructs the system to compile the applications and install them under that location. Grab a cup of tea/coffee/beer as this will take some time. If all goes well, and you see no errors in the terminal output, you should see the first installed binary applications under the /usr/lsc/emboss/bin directory. In my case, I verify that I have functioning applications by executing embossversion:</span><br />
<span class="st"><i><b style="font-family: "Courier New",Courier,monospace;">./embossversion <br />Report the current EMBOSS version number<br />6.5.7.0</b></i><br /> </span><br />
<span class="st">This means that I am on good ground and can continue with the installation of the rest of the applications. </span><br />
<br />
<span class="st">One detail new to the process of installing EMBOSS as of version 6.5.x is the automatic kick in of the embossupdate application, which you note in the final output lines of a successful step 6 operation:</span><br />
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>... </b></i></span><br />
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>make[3]: Entering directory `/usr/lsc/sources/EMBOSS-6.5.7'<br />/usr/lsc/emboss/bin/embossupdate<br />Checks for more recent updates to EMBOSS<br />EMBOSS 6.5.7.0 is the latest version (6.5.0.0)</b></i><br /> </span><br />
<span class="st">Basically, the EMBOSS install process will check for patches and updates to the source code, a process performed manually by EMBOSS admins before. This is a very welcome addition and eases the process of receiving up-to-date code, in order to address bug fixes and enhancements.</span><br />
<br />
<span class="st">If you do not get to the point where you see the emboss applications and you see errors as part of the make process, the most likely scenario is that you are missing some development library or tool. You can get help by posting a request for help to the <a href="http://emboss.open-bio.org/mailman/listinfo/emboss" target="_blank">EMBOSS mailing list</a>. </span><br />
<span class="st"><br /></span><br />
<span class="st">What you need to do now is to repeat step 6 for every subdirectory under the embassy directory and watch the new applications gradually being added to the bin folder.</span><br />
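<span class="st">The "repeat step 6" loop described above, as an added shell example that is not part of the original post or of the EMBOSS distribution: it runs the same configure/make/make install sequence in each unpacked package under the embassy directory, keeps one log per package and stops at the first failure. The function names, the build-logs directory and the MAKE override are assumptions of this example; the default prefix is the /usr/lsc/emboss path used in this article.</span><br />

```shell
#!/bin/sh
# Added example (not from the original post): repeat step 6 for every
# EMBASSY package unpacked under <source tree>/embassy.
# Assumptions: the source tree layout produced by steps 1-5, and the
# hypothetical helper names build_one / build_embassy.
# Usage once the functions are loaded:
#   build_embassy /usr/lsc/sources/EMBOSS-6.5.7 /usr/lsc/emboss

# Configure, compile and install one package directory.
# All output goes to the given log file; the exit status is that of the
# first step that failed (the && chain stops there).
build_one() {
    pkg_dir=$1
    prefix=$2
    log=$3
    (
        cd "$pkg_dir" || exit 1
        ./configure --prefix="$prefix" &&
        ${MAKE:-make} &&
        ${MAKE:-make} install
    ) >"$log" 2>&1
}

# Walk embassy/*, build each package with the same prefix as the core
# EMBOSS build, and stop at the first failure so a broken package is not
# silently skipped. Prints the number of packages built on success.
build_embassy() {
    top=$1
    prefix=${2:-/usr/lsc/emboss}
    logdir=${3:-$top/build-logs}
    built=0

    if [ ! -d "$top/embassy" ]; then
        echo "no embassy directory under $top" >&2
        return 2
    fi
    mkdir -p "$logdir" || return 2

    for pkg_dir in "$top"/embassy/*/; do
        # Skip anything that is not an unpacked source tree
        # (leftover directories, an empty embassy folder).
        [ -x "${pkg_dir}configure" ] || continue
        name=$(basename "$pkg_dir")
        if build_one "$pkg_dir" "$prefix" "$logdir/$name.log"; then
            built=$((built + 1))
        else
            echo "build failed for $name, see $logdir/$name.log" >&2
            return 1
        fi
    done
    echo "$built"
}
```

<span class="st">When a package fails, its log under build-logs usually names the missing development library or tool.</span><br />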
<span class="st"><br /></span><br />
<span class="st"><br /></span><br />
<h3 style="text-align: left;">
<span class="st">Post installation configuration</span><span class="st"> </span></h3>
<span class="st">You should have installed by now all the applications of core EMBOSS and EMBASSY packages from source. After this process, you should start configuring your system so you can make the applications available.</span><br />
<span class="st"><br /></span><br />
<span class="st">7)Make sure that the emboss bin folder is in a system wide path, to ensure that all users can reference the applications. For my systems, all the freshly compiled applications reside under the /usr/lsc/emboss/bin folder. Hence, this is the folder I enter into the system wide PATH. On my server, /etc/profile.d/bash_login.sh contains the following line: </span><br />
<span class="st"><i style="font-family: "Courier New",Courier,monospace;"><b>export PATH=$PATH:/usr/lsc/emboss/bin</b></i> </span><br />
<span class="st"><br /></span><br />
<span class="st">8)Make sure you install all the application dependencies for the EMBOSS/EMBASSY applications you are going to use. A number of EMBOSS/EMBASSY applications are wrappers around third party packages. This means that the EMBOSS/EMBASSY application will not function unless you install its required dependencies. This is normally simple. I am not going to mention all the dependencies now, but a few examples from my userbase are the following:</span><br />
<span class="st">-<a href="http://emboss.sourceforge.net/apps/cvs/emboss/apps/emma.html" target="_blank">emma</a> which requires the installation of the <a href="http://www.clustal.org/clustal2/" target="_blank">Clustalw</a> tool. </span><br />
<span class="st">-<a href="http://emboss.sourceforge.net/apps/cvs/embassy/iprscan/eiprscan.html" target="_blank">eiprscan</a> which requires the installation of the <a href="ftp://ftp.ebi.ac.uk/pub/software/unix/iprscan/" target="_blank">iprscan</a> tool. </span><br />
<span class="st">-<a href="http://emboss.sourceforge.net/apps/release/6.1/embassy/memenew/ememe.html" target="_blank">ememe</a> which requires the installation of the <a href="http://meme.nbcr.net/downloads/" target="_blank">meme</a> tool. </span><br />
<br />
<span class="st">Each of these installations might involve an entire set of separate procedures and instructions, but you get the picture.</span><br />
<br />
<span class="st"><a href="http://epistolatory.blogspot.no/2012_08_01_archive.html" target="_blank">Part 2</a> of this article will examine how to configure the EMBOSS databases. </span><br />
<br /></div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-71229555935304982082012-07-14T04:26:00.001-07:002012-07-14T11:16:49.809-07:00The price of German economic success<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2-HcPTv1vS6ZxzmGgIedFo4yj-qaZgINVJcim-BmlREubdy31tcA94tgF_b6PaB464EOkF9WarLBX8OLiCVD2Ghl1niPt2iXLdrzWX3h4gLxibDOGAIq6A4-mebaj0DXWnDR_ik369rYc/s1600/20120611-aftenposten_morgen-original.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2-HcPTv1vS6ZxzmGgIedFo4yj-qaZgINVJcim-BmlREubdy31tcA94tgF_b6PaB464EOkF9WarLBX8OLiCVD2Ghl1niPt2iXLdrzWX3h4gLxibDOGAIq6A4-mebaj0DXWnDR_ik369rYc/s400/20120611-aftenposten_morgen-original.jpg" width="278" /></a></div>
<br />
<br />
<b>Translation note:</b> This is a translation of the lead article titled "Lavtløne og fattige betaler regninge" (The low-paid and the poor pay the bill) by the Norwegian journalist Ingrid Brekke. The front page carries the headline "Må betale for Tysklands suksess" ("Germany's success is paid for"). It was published in the reputable Norwegian newspaper <i><b>Aftenposten</b></i> on 11 June 2012 (pages 17-19).<br />
<br />
The article accurately describes the dark side of the German economic machine and the experiences of a German journalist who lived first-hand through slave-like working conditions inside Germany. The translation is mine, the comments are yours. <br />
<br />
---<br />
<br />
<b>THE DARK SIDE OF GERMANY</b><br />
<br />
Europe's largest and most powerful country holds the continent's further development in its hands. A few decades earlier, Germany was the sick man of Europe. Everyone then admired it for the measures it took to boost its economy and reduce unemployment. Today, Germany prescribes the same recipe for the Eurozone crisis: spending cuts and belt-tightening.<br />
<br />
But the German success has a dark side that is particularly disappointing for Europe's left. <b>The measures to bring the Eurozone countries back into order come mainly from the bottom of the ladder.</b> Wage earners have not only seen significant reductions in their real income since 2000, but (have also seen) the share of low-paid workers grow. At the same time the rich are increasing in number. Last year, Germany had more than one hundred billionaires (in euros) for the first time.<br />
<br />
Towards the end of the 1990s, a growing polarization in German income is recorded, according to what researcher <i><b>Markus Grabka</b></i> of the German Institute for Economic Research (DIW) told <i><b>Der Spiegel</b></i>. "Almost exclusively" the rich gained from the economic growth of recent years. And he continues: "This trend will most likely continue".<br />
<br />
<b>German wages are sometimes so low that people cannot live off their work, even though many of them work more than 50 hours a week.</b><br />
<br />
The journalist <i>Günter Wallraff</i> comes with new revelations about slave labour contracts and the harsh conditions at the bottom of the income ladder in German society.<br />
<br />
<br />
<b>THE LOW-PAID AND THE POOR PAY THE BILL</b><br />
<br />
Andi Fischer is 28 years old and starts work every day at 5 in the morning. He then begins loading the parcels into the delivery van, 230 in number (some of them weigh up to 50 kilos). 130 unloading stops without a break. At around 7 in the evening, he finishes work.<br />
<br />
<b>For these 14 hours of daily work, five days a week, Fischer earns 10000 Norwegian kroner (1340 euros) a month, gross.</b><br />
<br />
This is everyday life for many in rich Germany. Andi Fischer is one of the typical examples mentioned in the recent documentary by the world-famous journalist Günter Wallraff. Posing as an ordinary worker, Wallraff worked for many months for the company GLS, owned by the British Royal Mail.<br />
<br />
<br />
<b>THE TUMBLING OF WAGES</b><br />
<br />
<ul style="text-align: left;">
<li><i><b>Low-paid workers are counted as those who earn less than 60% of the average wage. In 2010, this means gross hourly pay below 9.5 euros. </b></i></li>
<li><i><b>A recent survey shows that 25% of low-paid workers work at least 50 hours a week.</b></i></li>
<li><i><b>22% of German employees are low-paid. The corresponding share in the mid-1990s was 15%.</b></i></li>
</ul>
<br />
Germany is now the most stable economy in Europe. It rid itself of huge unemployment through harsh reforms by the Social Democrat Chancellor Gerhard Schröder in the first half of 2000.<br />
<br />
Restrictions in the area of pensions, unemployment benefits and social welfare went hand in hand with effective «Kurzarbeit» measures, such as the introduction of a shorter working day in industry, to create flexibility and prevent layoffs. German workers saw their wages fall by 5% compared with the year 2000.<br />
<br /><br />
There was also an acceptance of a practice whereby wage earners are paid so little that they cannot survive even with a full-time job, and a system of social assistance was built to deal with the low-paid. And these emergency social assistance measures tend to become permanent. <b>Thus, despite the fall in unemployment (it now stands at around 7 percent, the lowest in the last 20 years), poverty levels have not changed, according to a related survey by the newspaper Die Welt. This is because most new jobs are created with low wages, in the service sectors and in some health service sectors.</b><br />
<br />
12 million Germans live in fear of reaching the poverty line, a situation that many fear will begin to be associated with specific social groups as well, such as students. The situation is particularly worrying in the Ruhr, where the poverty rate in many cities has exceeded 20%.<br />
<br /><br />
The International Labour Organization (ILO) believes that the German low-wage policy has contributed to shaping the Eurozone crisis. <br />German wages were so low that other Eurozone countries found it impossible to compete with them. Germany has imported very little from other Eurozone countries, while on the contrary it has exported a great deal to them. For these reasons the ILO believes that an end to the low-wage policy will have a positive effect on defusing the crisis in the Eurozone.<br />
<span class="" id="result_box" lang="el"><span class=""><br /></span></span><br />
<br />
<b>MINIMUM WAGE</b><br />
<br /><br />
Even though the conservative Chancellor Angela Merkel and her party, the CDU, are now trying to introduce minimum wages, the political pressure for real change is low. <b>Through Norwegian eyes, the lack of social solidarity towards the low-paid is astonishing. </b>This lack is partly explained by the fact that the Social Democrats and the trade unionists took part in establishing the low wage ceiling, which led to the plunge in unemployment. <br />
<br /><br />
The newspaper <b>Süddeutsche </b>recently pointed out that Germany's insistence on prescribing the medicine against the Eurozone crisis does not take into account that Germany has a huge middle class, that is, innovative small and medium-sized enterprises, which think long-term and are responsible for a large share of exports. Such a middle class does not exist in the crisis-hit countries of the European South, and therefore the recipe will not be successful.<br />
<br />
<br />
<b>INVISIBLE</b><br />
<br />
Wallraff writes that he was afraid his real identity would be revealed, but quickly discovered that his position was wrapped in a cloak of invisibility. The people in low-paid jobs, who take part in every aspect of daily life, are very tired and have neither time nor money (to be visible). They are the ones who annoy us every day by parking next to the bicycle racks and leaving parcels with random neighbours of ours, writes Wallraff, fully explaining their working conditions in his report.<br />
<br />
At the same time as his report was published, Wallraff was called as a witness in a trial concerning appalling working conditions at a bakery that he had exposed earlier. The workers there worked non-stop, and had no right to halt production even if their blood dripped onto the bread rolls.<br />
<br />
<br />
<br /></div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-29072174000065055712012-05-07T16:09:00.002-07:002012-05-07T17:49:25.786-07:00The assessment and interpretation of the election result<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
I see a bunch of politicians who cannot swim in the deep waters of the exploratory mandate. On the one hand they declare themselves ready to save the Greeks, and on the other, when the voice of reason calling for consensus knocks on their door, they do not want to step over the threshold and drink water when the tap is right beside them. It seems that the need to govern a country ranks lower than their political principles and their image. Even when the country is almost at the bottom of the ravine. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I think of those who voted for some scum who aspire to enter the Greek parliament. Their vote is their right. They thereby show that Democracy requires an education that they lack. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is a positive thing that PASOK sank, a party whose audit tactic brought the IMF into Europe, not only into our country. I was very glad that a party led for the first time by E. Venizelos sank. A personality who, in the name of negotiation, said one thing and did another, and left many other things undone (limiting expenditure), with disastrous consequences for the people. On the other (supposedly) bank, Ms Katseli, also a university professor and one of the key figures at the core of "the money exists", hit rock bottom. Ms Katseli, with prior service in the field of Economics at Yale, Birkbeck College and other international and notable institutions, did not see the storm that was coming and proposed to G. Papandreou a fiscal adjustment that could not be implemented, because instead of weakening statism, it strengthened it. Statism is one thing, however, and excessive party statism is another, which Ms Katseli did not see.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For New Democracy I am truly sorry. First, because the election result is due to tragic mistakes by A. Samaras. The tragedy of the matter is that while he was right from the start that the terms of the memorandum were not workable, he did not make his position clear from the start. He wavered between anti-memorandum rhetoric and the need for negotiation, with inconsistencies and sloppiness (Zappeio 1) and a change of course with threats to his parliamentary group, yielding to German pressure. As a result, the Kammenos core broke away, with all that followed. Samaras did not pay for his participation in the memorandum government, as some claim. The loss would have been at PASOK's levels if that were the case. He paid for his inconsistency and his inability to put things in order within New Democracy, depriving the country of a necessary core of parliamentary stability.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
About Mr Karatzaferis I have to say that to stay in politics, it is not enough just to know the tricks of the mass media and to project a National-Christian model of ultra-conservatism. The rest is known.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I now come to the "winners" of the elections, or more correctly to the new "forces". I use the quotation marks because as long as the country has no plan and no government, nobody is a winner or a force. What the people are telling them is NOT to take the country out of the Euro. The popular message is clear, strong and very difficult to implement: political pluralism, no power to a single party mentality, and renegotiation of the terms. With Hollande at the helm of France, this does not mean a Greece that stands on its feet. Greece will stand on its feet when the people speak and the politicians reach an understanding. So reach an understanding, because the people have spoken. The anti/pro-memorandum populism is over. Here is Rhodes, here is the jump. </div>
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-7729733178095170832012-01-06T09:57:00.000-08:002012-12-25T10:49:01.280-08:00The bioinformatics sysadmin craftmanship: Installing the MRS v5 platform: Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
In <a href="http://epistolatory.blogspot.com/2011/12/bioinformatics-sysadmin-craftmanship.html" target="_blank">Part 1</a> of the article series, we examined the basics of what MRS is and its computer hardware requirements. It is about time we get our hands dirty and install a production MRS server.<br />
<br />
<h3 style="text-align: left;">
<b>A basic production setup</b></h3>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim2MmeFTzzuJknA5VXMeQ2dqMN5zE5zFdbrn876tpIfp9c8zz1tbCoO7unEAlfL-Yy3z5QWF-ahth4Qr3987cYyJEmdob7UpKq6BpFoMebeOk-UxbfFR5wvyW6g8w3NMBAI98zd7j_f9Ya/s1600/MRSPRODUCTIONSETUP.001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim2MmeFTzzuJknA5VXMeQ2dqMN5zE5zFdbrn876tpIfp9c8zz1tbCoO7unEAlfL-Yy3z5QWF-ahth4Qr3987cYyJEmdob7UpKq6BpFoMebeOk-UxbfFR5wvyW6g8w3NMBAI98zd7j_f9Ya/s400/MRSPRODUCTIONSETUP.001.png" width="400" /></a></div>
<br />
The image above illustrates a basic production setup for MRS. You do not have to follow this setup; you could have a single server handle everything. However, the above setup has a number of advantages that I shall explain.<br />
<br />
There are two servers here. The front-end one serves the user queries, whereas the back-end server is used for the MRS index build process. You will notice that the front end is more beefed up hardware-wise than the backend. This is because (as explained in Part 1) the MRS queries can scale in terms of CPU, I/O and RAM. In contrast, that is not the case with the index building process, which beyond the 8 cores and the I/O it can create, will not scale to a large number of CPUs/cores. As a result, it makes sense to have the most capable machine at the query response end and keep an 8 core CPU with an adequate amount of RAM to crunch your datasets periodically.<br />
<br />
The disk I/O setup reflects the same need/trend. I would recommend placing your disks on the front-end machine with a capable disk controller (<a href="http://en.wikipedia.org/wiki/Direct-attached_storage" target="_blank">Directly Attached Storage</a> SAS, Fiber Channel, Fiber Channel over Ethernet). The backend machine can access these disks to build the index by means of a well performing NFS setup over <a href="http://en.wikipedia.org/wiki/10_Gigabit_Ethernet" target="_blank">10 Gigabit Ethernet</a>. Plain Gigabit Ethernet should also be acceptable; however, I found that a "<a href="http://en.wikipedia.org/wiki/Jumbo_frame" target="_blank">jumbo frame</a>" enabled 10 Gigabit Ethernet cuts the index generation time by 40-60% on average compared to plain Gigabit Ethernet. <br />
<br />
This setup is designed to achieve two things:<br />
<ul style="text-align: left;">
<li>To place the performance where it is most needed (MRS queries), especially if MRS is used as part of a pipeline (command-line or <a href="http://wiki.g2.bx.psu.edu/" target="_blank">Galaxy</a> based). </li>
<li>To reduce the impact of the index generation process on a busy/hard-working server that is hit by queries. </li>
</ul>
The disadvantage is of course that you have to keep two MRS instances running, so what I describe below <b>should be applied to both servers in order to keep things in sync</b>. However, you will see that once you get a basic instance up and running, most of your attention will turn to post-installation issues and not really on keeping two instances in sync, installation-wise.<br />
<br />
<h3 style="text-align: left;">
<b>Software prerequisites</b></h3>
Before we get to the specifics of an MRS server installation, let us go through some important software requirements for installing on a RHEL 6 platform. If your distro is Redhat based (<a href="http://fedoraproject.org/" target="_blank">Fedora</a>, <a href="http://www.centos.org/" target="_blank">CentOS</a>, and <a href="http://www.scientificlinux.org/" target="_blank">Scientific Linux</a> are some of the most well known free derivatives of RHEL), the instructions should carry you through to a functional MRS installation. If your distro is not RHEL based, you can at least have a good appreciation of what building blocks are required for the proper operation of the system. Here is a list of them:<br />
<div style="text-align: left;">
</div>
<ul style="text-align: left;">
<li>gcc 4.4.x compiler or more recent versions (see comment below)</li>
<li>PERL version 5.10 or more recent versions</li>
<li><a href="http://search.cpan.org/dist/XML-LibXSLT/LibXSLT.pm" target="_blank">perl-XML-LibXSLT</a> module</li>
<li><a href="http://www.boost.org/" target="_blank">The Boost C++ library</a>, versions >= 1.42 and <= 1.48</li>
<li>The <a href="http://code.google.com/p/libarchive/" target="_blank">libarchive</a> interface</li>
<li>A copy of <a href="http://www.xach.com/snarf/" target="_blank">snarf</a>. </li>
</ul>
Working as the root user, on a RHEL 6 platform, most of these components can be easily installed by the yum package manager with the exception of the Boost library and snarf:<br />
<b><span style="font-family: 'Courier New', Courier, monospace;">yum install perl-XML-LibXSLT</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">yum install libarchive libarchive-devel</span></b><br />
<br />
<div style="text-align: left;">
Starting with the gcc compiler: due to some code optimization bugs, there were problems when attempting to compile MRS and its prerequisites with a compiler more recent than a 4.4.x series gcc. By mid-January 2012, this issue was addressed and it is now possible to use compilers more recent than 4.4.x. Nevertheless, the Red Hat default 4.4 gcc compiler (in my case it was 4.4.6 20110731 (Red Hat 4.4.6-3)) is a stable choice.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
At the time of writing, RHEL 6.2 (Santiago) is equipped with Boost version 1.41 as part of its default yum package repository. That's too old for MRS, which means that we have to uninstall the yum-provided Boost packages and install the Boost libs from source.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<br />
<b><span style="font-family: 'Courier New', Courier, monospace;">yum remove boost boost-devel boost-date-time boost-filesystem boost-graph boost-system boost-iostreams boost-thread boost-regex boost-serialization boost-signals</span></b><br />
<br />
Then grab a copy of the libboost 1.47 from:<br />
<a href="http://sourceforge.net/projects/boost/files/boost/">http://sourceforge.net/projects/boost/files/boost/</a></div>
<div style="text-align: left;">
<br />
and complete the boost lib install here in a fixed path (in my case /usr/lsc/libs) by doing a:<br />
<br />
<b><span style="font-family: 'Courier New', Courier, monospace;">tar xvfz boost_1_48_0.tar.gz</span></b><br />
<i>(Note: Earlier versions of libzeep had a problem with boost versions >1.47 and would not build. Around mid-January 2012, it became possible to use boost version 1.48.)</i><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">cd boost_1_48_0</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">./bootstrap.sh --prefix=/usr/lsc/libs</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">./b2 install</span></b><br />
<br />
At that point, make sure that your shared library config (normally /etc/ld.so.conf) contains the <b>/usr/lsc/libs/lib</b> path and then run <b>ldconfig</b>. Check with <b><span style="font-family: 'Courier New', Courier, monospace;">ldconfig -p | grep /usr/lsc/libs/lib</span></b> to see that the boost shared libraries are in place.</div>
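The check below is an added example, not part of the original article or of the MRS sources: it reads the BOOST_VERSION macro from boost/version.hpp under the source-built prefix, confirms it falls in the 1.42 to 1.48 range listed in the prerequisites, and confirms the library directory is listed in the ld.so configuration. The function names are hypothetical; /usr/lsc/libs is the prefix used in this article.

```shell
#!/bin/sh
# Added example: pre-build check of a source-installed Boost for libzeep/MRS.
# Function names are hypothetical; the version range is the one the article lists.

# Print "major.minor" parsed from INCDIR/boost/version.hpp.
# BOOST_VERSION encodes major*100000 + minor*100 + patch (e.g. 104800 = 1.48.0).
boost_version() {
    awk '$1 == "#define" && $2 == "BOOST_VERSION" {
             printf "%d.%d\n", int($3 / 100000), int($3 / 100) % 1000
             found = 1
         }
         END { exit !found }' "$1/boost/version.hpp" 2>/dev/null
}

# True if the Boost headers under INCDIR are >= 1.42 and <= 1.48.
boost_ok_for_mrs() (
    v=$(boost_version "$1") || exit 2
    major=${v%%.*}
    minor=${v#*.}
    [ "$major" -eq 1 ] && [ "$minor" -ge 42 ] && [ "$minor" -le 48 ]
)

# True if LIBDIR appears as a line of its own in any of the given config files.
ld_path_configured() (
    dir=$1
    shift
    [ "$#" -gt 0 ] && grep -qxF -- "$dir" "$@" 2>/dev/null
)

# usage: boost_preflight PREFIX CONF_FILE...
# Prints one line per finding; exit status is the number of failed checks.
boost_preflight() (
    prefix=$1
    shift
    fails=0
    if v=$(boost_version "$prefix/include"); then
        boost_ok_for_mrs "$prefix/include" || {
            echo "FAIL: Boost $v is outside the 1.42 to 1.48 range"
            fails=$((fails + 1))
        }
    else
        echo "FAIL: no boost/version.hpp under $prefix/include"
        fails=$((fails + 1))
    fi
    ld_path_configured "$prefix/lib" "$@" || {
        echo "FAIL: $prefix/lib is not listed in the ld.so configuration"
        fails=$((fails + 1))
    }
    [ "$fails" -eq 0 ] && echo "OK: Boost $v under $prefix"
    exit "$fails"
)

# Stand-alone use: sh check_boost.sh /usr/lsc/libs
if [ "$#" -ge 1 ]; then
    boost_preflight "$1" /etc/ld.so.conf /etc/ld.so.conf.d/*.conf
fi
```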
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
For snarf, you need to install the utility in the system wide PATH. </div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<h3 style="text-align: left;">
<b>MRS installation</b></h3>
At this point, we should be ready to start installing MRS itself. Libzeep is the first part of installing MRS. It is a bespoke W3C compliant XML processor that enables MRS to speak <a href="http://en.wikipedia.org/wiki/SOAP" target="_blank">SOAP</a>. This allows users to query an MRS server using web services. Still working as the root user, get the latest version (2.6.3 at the time of writing) from the CMBI SVN server:<br />
<br />
<b><span style="font-family: 'Courier New', Courier, monospace;">svn co https://svn.cmbi.ru.nl/libzeep/trunk</span></b><br />
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span><br />
<span style="font-family: 'Courier New', Courier, monospace;">(revision 337)</span><br />
<br />
Modify the makefile and set the following parameters, having in mind a prefix where you want the libzeep to install:<br />
<br />
<b><span style="font-family: 'Courier New', Courier, monospace;">BOOST_LIB_DIR = /usr/lsc/libs/lib</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">BOOST_INC_DIR = /usr/lsc/libs/include</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></b><br />
<b><span style="font-family: 'Courier New', Courier, monospace;">PREFIX ?= /usr/lsc/libs</span></b><br />
<br />
Then issue a:<br />
<b>make; make install; ldconfig</b><br />
<br />
Verify with <b><span style="font-family: 'Courier New', Courier, monospace;">ldconfig -p | grep libzeep</span></b> that the libzeep shared libraries are in place:<br />
<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace;"><b>libzeep.so.2.6 (libc6,x86-64) => /usr/lsc/libs/lib/libzeep.so.2.6</b></span><br />
<span style="font-family: 'Courier New', Courier, monospace;"><b> libzeep.so (libc6,x86-64) => /usr/lsc/libs/lib/libzeep.so</b></span><br />
<div>
<br /></div>
<div>
We are now ready to install the actual MRS code. Grab the latest version from the CMBI SVN server:</div>
<div>
<br /></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>svn co https://svn.cmbi.ru.nl/mrs/trunk</b></span></div>
<div>
<br /></div>
<div>
(checks out revision 1430)</div>
<div>
<i>Note: The MRS SVN repository is an active project and as such, the developers might be in the process of cleaning/modifying the code. If you check out the latest sources from the CMBI SVN server, it is possible that something might break or not compile. When in doubt, please consult the MRS mailing list and verify the latest known working version. At the time of writing, you can be sure that revision 1430 is a working MRS version. If you wish to use it as a reference, you can issue the command:</i></div>
<div>
<br /></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>svn co -r 1430 https://svn.cmbi.ru.nl/mrs/trunk</b></span></div>
<div>
<br /></div>
<div>
Then I shall make the directory under which I shall have the MRS binary utilities, as well as the directory where I am going to store the datasets (the large multi Tb volume we talked about in Part 1 of the article series):</div>
<div>
<br /></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>mkdir /usr/lsc/mrs</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>mkdir /storage/tools/mrsdata</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div>
<div>
<div style="text-align: left;">
<span style="font-family: inherit;"><span style="font-size: small;">Then, I am ready to initiate the configuration of the sources by selecting the prefix and the data directory location, as well as pointing to the location of the boost libraries which I installed from source, just to be safe and ensure that the MRS configure routine will find the right library paths, as shown below:</span></span></div>
<div style="text-align: left;">
<br /></div>
</div>
<div>
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>./configure --prefix=/usr/lsc/mrs --data-dir=/storage/tools/mrsdata --boost_lib=/usr/lsc/libs/lib --boost_inc=/usr/lsc/libs/include</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div>
<div>
<span style="font-family: inherit;">Various checks will be performed and if no errors are returned at this stage, the configure command should be followed by a: </span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>make; make install; ldconfig</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div>
<div>
<span style="font-family: inherit;">If the compilation stage finishes with no errors (you will see plenty of warnings and you can normally safely ignore them), you have just completed the MRS installation stage. Congratulations!</span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<h3 style="text-align: left;">
<span style="font-family: Times, 'Times New Roman', serif;"><b>Post installation config check and orientation</b></span></h3>
</div>
<div>
<span style="font-family: inherit;">In this section, we will discuss what you should see/check prior to using MRS for the first time. After completing the make install and ldconfig steps as described above, you should familiarize yourself with the directory layout of MRS. So, let us take a tour and show the various MRS directories.</span></div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">First of all, under the installation prefix (it was /usr/lsc/mrs) you should see the following directories:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><b>bin</b>: This is where the MRS utilities reside: mrs-blast mrs-config-value mrs-mirror mrs-run-and-log mrs-build mrs-lock-and-run mrs-query mrs-test and mrs-update. All these are tools you will be using to configure and query the various MRS datasets.</span></li>
<li><span style="font-family: inherit;"><b>lib</b>: This directory is meant to hold MRS library modules, but it is empty on 64bit systems (x86_64). </span></li>
<li><span style="font-family: inherit;"><b>lib64</b>: On 64-bit systems (x86_64), this contains the MRS.so shared library, as well as the MRS.pm Perl module, a vital module referenced by the dataset parsing scripts (share directory)</span></li>
<li><span style="font-family: inherit;"><b>sbin</b>: Here you should have the mrs-ws binary which is the SOAP web services MRS module. </span></li>
<li><span style="font-family: inherit;"><b>share</b>: This directory contains a series of Perl parsers, one for each databank MRS supports.</span></li>
</ul>
</div>
<div>
<span style="font-family: inherit;">Next, you should navigate your shell to the /usr/local/etc/mrs directory. Under the directory, you should find a series of important configuration files. I shall not go into details on the syntax of these files in this article, but very briefly:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><b>databank.info</b>: This file instructs MRS how to fetch (location and method) and generate the index for the various databanks you can offer/query under MRS.</span></li>
<li><span style="font-family: inherit;"><b>mrs-config.xml</b>: This XML formatted file (its DTD schema is in the mrs-config.dtd) controls various operational parameters of MRS such as the location of the various MRS directories (most of them are auto-generated by the configure step of the MRS sources), the location/path of externally used utilities (clustalw, NCBI BLAST), as well as the port number and URL location of the MRS SOAP web services servers. Later articles will explain these parameters in more detail.</span></li>
</ul>
</div>
<div>
<span style="font-family: inherit;">Both of the previously mentioned files have a sample you can use for reference (*.dist files). </span></div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">If you can see all of these things at this point, you are on track to fire up MRS for the first time and check it out. We will do that by navigating back to the /usr/lsc/mrs/bin directory. We are going to fetch a simple databank and watch MRS generate the index so we can query the database. We shall do that by running the mrs-update utility:</span></div>
<div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>./mrs-update enzyme</b></span></div>
<div style="font-family: Times, 'Times New Roman', serif;">
<br /></div>
<div>
<span style="font-family: inherit;">and if everything was compiled properly, MRS will issue the following output:</span></div>
<div style="font-family: Times, 'Times New Roman', serif;">
<br /></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>/usr/lsc/mrs/bin/mrs-run-and-log -r 5 -l /storage/tools/mrsdata/status/enzyme.fetch_log /usr/bin/make -f /usr/lsc/mrs/bin/mrs-update DATABANK=enzyme fetch</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>/usr/bin/make: success</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>/usr/lsc/mrs/bin/mrs-run-and-log -r 5 -l /storage/tools/mrsdata/status/enzyme.mrs_log /usr/bin/make -f /usr/lsc/mrs/bin/mrs-update DATABANK=enzyme mrs</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>/usr/bin/make: success</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>rm -f /storage/tools/mrsdata/flags/enzyme.fetch_done /storage/tools/mrsdata/flags/enzyme.mrs_done </b></span></div>
<div style="font-family: Times, 'Times New Roman', serif;">
<br /></div>
<div>
<span style="font-family: inherit;">After that, we can navigate under the MRS data directory to gain a basic understanding of what happens every time MRS generates the index of a databank. Under the data directory (in my case as indicated by the above output /storage/tools/mrsdata), you will find the following sub-directories:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: inherit;"><b>mrs</b>: This is where the MRS index files are produced and stored. Each databank has a number of associated .cmp files, together with an associated dictionary file .dict. For the enzyme databank, the produced files are enzyme.cmp and enzyme.dict.</span></li>
<li><span style="font-family: inherit;"><b>raw</b>: This directory holds the flatfiles of the databanks. These are downloaded from the URL and method, as specified in the databank.info file. </span></li>
<li><span style="font-family: inherit;"><b>status</b>: A useful directory for the MRS administrator, as it holds important logs about the status of the mrs-update process for the databanks. For each MRS hosted databank, you can see the fetch_log (whether the flatfile download procedure was completed), the mrs_log which outlines whether the MRS index generation was completed properly. Finally, if all was completed properly, an mrs_done file is created to indicate that MRS was successful in updating the databank. The logs for each databank auto-rotate. </span></li>
<li><span style="font-family: inherit;"><b>docroot</b>: This directory holds the CSS/HTML and web content of the MRS HTTP server. We will describe how to fire-up this server shortly, together with the system SOAP functionality. </span></li>
<li><span style="font-family: inherit;"><b>flags</b>: This directory is used internally by MRS to sync certain procedures of the databank fetching process. </span></li>
<li><span style="font-family: inherit;"><b>blast</b>: This directory contains the NCBI BLAST database index for each databank, in order to BLAST databases via the MRS system.</span></li>
</ul>
<div>
<span style="font-family: inherit;">Hence, every time you mrs-update a databank, the latest flatfiles are fetched automatically under the raw directory. After that, the mrs-build utility will attempt to invoke the MRS parsers and create the index under the mrs directory. </span></div>
</div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">If you wish to see which databanks you can fetch/update with the mrs-update utility, here is a list of them:</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>dbest embl_release embl_updates enzyme genbank_release gene go goa gpcrdb interpro omim oxford pdb pdbfinder2 dssp hssp pfam pmc prints prosite rebase refseq_release refseq_updates taxonomy unigene uniprot uniref50 uniref90 uniref100</b></span></div>
<div style="font-family: Times, 'Times New Roman', serif;">
<br /></div>
<div>
<span style="font-family: inherit;">I leave the mrs-index generation of them as an exercise to the reader with two hints:</span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: inherit;">Do not attempt to start multiple mrs-update processes in parallel. Remember, the index generation process does not scale.</span></li>
<span style="font-family: inherit;">
</span>
<li><span style="font-family: inherit;">Some of the largest databanks (embl_release, genbank, dbest, pdb, hssp) will require entire days to download and index. Thus, what I tend to do is to issue something like: <b>nohup ./mrs-update embl_release &</b> , to ensure that the process will not be interrupted by a terminal session timeout/disconnection.</span></li>
</ul>
<h3 style="text-align: left;">
<span style="font-family: Times, 'Times New Roman', serif;"><b>Querying and firing up the MRS web and SOAP server</b></span></h3>
</div>
<div>
<span style="font-family: inherit;">If you have followed all the previous instructions, you should have installed MRS and indexed one or more databanks. What about querying them to ensure that MRS does indeed do its job? After all that effort, you should really experience the power and simplicity of MRS searches. </span></div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">The most user intuitive way is to fire up the MRS web server. Before you fire up the MRS web server interface, you should consider making a non-privileged user. Up to this point, we have been working as root. However, opening an HTTP/SOAP port bound to a process with superuser credentials is not the best thing for the security of your server. What I do is to make a normal system user:</span><br />
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>useradd -d /home/users/mrsuser mrsuser</b></span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<span style="font-family: inherit;">I assign a secure password to the user. As root, I make sure that this user can have access to the /var/log/mrsws.log file which logs the queries that hit the MRS SOAP server:</span><br />
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>touch /var/log/mrsws.log</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>chown mrsuser /var/log/mrsws.log</b></span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<span style="font-family: inherit;">and also change the ownership of the /usr/lsc/mrs directories to the mrsuser recursively:</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>chown -R mrsuser /usr/lsc/mrs</b></span></div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">After that, I switch to the mrsuser and start the MRS SOAP server by navigating to the following directory:</span><br />
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>su - mrsuser</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>cd /usr/lsc/mrs/sbin</b></span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><b>nohup ./mrs-ws &</b></span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<span style="font-family: inherit;">This starts a number of mrs-ws servers with the credentials of the mrsuser and not the root account. Make sure you do not have a firewall between your desktop and the server and point a <b>recent web browser version</b> (Firefox 8, Chrome) to the IP of your server, following the URL convention:</span></div>
<div>
<span style="font-family: inherit;">http://IP_of_your_server:18080 </span></div>
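The service-account steps above can be verified before mrs-ws is started. The script below is an added example, not part of the original article or of MRS: it checks that the account is not uid 0, that the query log is owned by the account and not world-writable, that the mrs-ws binary is executable, and that nothing under the prefix is owned by another user. The function names are hypothetical; the paths and the mrsuser account are the ones used in this article.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting mrs-ws as a service account.
# Function names are hypothetical; paths and account name come from the article.

# True if the numeric uid is not the superuser.
is_unprivileged() {
    [ "$1" -ne 0 ]
}

# True if PATH exists and is owned by USER (name or numeric uid).
owned_by() {
    [ -e "$2" ] && [ -n "$(find "$2" -prune -user "$1" 2>/dev/null)" ]
}

# True if PATH is writable by "other" (mode bit 002).
world_writable() {
    [ -n "$(find "$1" -prune -perm -002 2>/dev/null)" ]
}

# Print every entry under DIR that is not owned by USER.
foreign_entries() {
    find "$2" ! -user "$1" 2>/dev/null
}

# usage: mrs_ws_preflight SERVICE_USER RUN_UID LOGFILE PREFIX
# Prints one line per finding; exit status is the number of failed checks.
mrs_ws_preflight() (
    svc=$1
    uid=$2
    log=$3
    prefix=$4
    fails=0
    fail() {
        echo "FAIL: $*"
        fails=$((fails + 1))
    }

    is_unprivileged "$uid" || fail "mrs-ws would run with uid 0 (root)"

    if ! owned_by "$svc" "$log"; then
        fail "$log is missing or not owned by $svc"
    elif world_writable "$log"; then
        fail "$log is world-writable, so any local user can alter the query log"
    fi

    [ -x "$prefix/sbin/mrs-ws" ] || fail "$prefix/sbin/mrs-ws is not executable"

    n=$(foreign_entries "$svc" "$prefix" | wc -l | tr -d ' ')
    [ "$n" -eq 0 ] || fail "$n entries under $prefix are not owned by $svc"

    [ "$fails" -eq 0 ] && echo "OK: pre-flight passed for $svc"
    exit "$fails"
)

# Stand-alone use, run as root before "su - mrsuser":
#   sh mrs_preflight.sh mrsuser /var/log/mrsws.log /usr/lsc/mrs
if [ "$#" -eq 3 ]; then
    mrs_ws_preflight "$1" "$(id -u "$1")" "$2" "$3"
fi
```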
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaH7Z0xOf3rL5qSF4XslCkzphOJemLNjr1mUUYN79anNmTwCyokRVFf7P1fxvG9TcIz1dZpOAKVWJnF3geLyaDKashw-c0xynCol0dEIF6jn3FmLoR4Ko3z61Cpsvk4KnPPiBgYVrZrh4Y/s1600/Screen+shot+2012-01-06+at+6.23.58+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaH7Z0xOf3rL5qSF4XslCkzphOJemLNjr1mUUYN79anNmTwCyokRVFf7P1fxvG9TcIz1dZpOAKVWJnF3geLyaDKashw-c0xynCol0dEIF6jn3FmLoR4Ko3z61Cpsvk4KnPPiBgYVrZrh4Y/s640/Screen+shot+2012-01-06+at+6.23.58+PM.png" width="640" /></a></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
</div>
<div>
<span style="font-family: inherit;">If you hit the Status tab, you will see the MRS web environment as shown above. You can enter your search terms in the top bar and search against all or specific databases.</span></div>
<div>
<span style="font-family: inherit;"><br /></span>
</div>
<div>
<span style="font-family: inherit;">There are other ways to search the databases that will be outlined in Part 3 of this article series. However, you have now the basic knowledge of how to kickstart MRS in a basic way. In the next article, we will discuss the production usage of MRS. </span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"><br />
</span></div>
<div>
<span style="font-family: Times, 'Times New Roman', serif;"> </span><span style="font-family: Times, 'Times New Roman', serif;"> </span></div>
</div>
<div>
</div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div>
<div>
<span style="font-family: 'Courier New', Courier, monospace;"><br />
</span></div>
<br />
<div>
<br />
<br /></div>
</div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-74346538790753387562011-12-26T04:53:00.000-08:002012-01-06T15:06:33.872-08:00The bioinformatics sysadmin craftmanship: The MRS v5 platform: Part 1<div dir="ltr" style="text-align: left;" trbidi="on">I always wanted to gather my thoughts on the process of installing the <a href="http://nar.oxfordjournals.org/cgi/content/full/33/suppl_2/W766?ijkey=1hM9Po54JADYz0b&keytype=ref" target="_blank">Maartens Retrieval System (MRS)</a> properly on a RHEL server platform. This series of articles describes the procedure in detail and can serve as a guide for the system administrator and/or power user that wishes to install a production grade MRS server. Although MRS is relatively simple to install, there are a few gotchas and complexities, especially when you do not install it on a Debian based platform (including Ubuntu).<br />
<br />
In the first part of the article series, I shall describe MRS version 5 in a few words and discuss a regular production setup you should consider, in order to ensure that you have a reliable MRS engine running.<br />
<br />
Please do not send me questions directly if you have various MRS issues beyond the setup stage (comments are welcome). Subscribe and ask your questions to the <a href="https://mail.cmbi.ru.nl/mailman/listinfo/mrs-user" target="_blank">mrs-user discussion list</a> for that purpose, where I normally participate in the discussions.<br />
<br />
<br />
<span style="font-size: small;"><b>MRS: What is it and why do life scientists need it?</b></span><br />
<br />
I have gathered some useful background information in these <a href="http://folk.uio.no/georgios/other/mrskurs.pdf" target="_blank">MRS lecture notes</a>. A <a href="http://www.nnb.unam.mx/video/cursos/Course.+Sequence+Mining+in+Biological+databases%3A+A+case+with+..." target="_blank">video of the course</a> is also available. Here I shall just state the basics.<br />
<br />
In the bioinformatics world, biological sequence, disease and genome repositories are an important tool for the life scientist. Note that I use the term '<i>repository</i>' and not another word such as 'database'. We have not got to the database business yet. What we know is that the era of molecular and genomic medicine is here and thus being able to search/reference/associate sequence/genome and disease information is important.<br />
<br />
Now, think about your favorite search engine (Google, Yahoo, etc) and then narrow your scope to life science information. This is the purpose of MRS. It is a simple system that allows you to search various life science information repositories. Most of these repositories are given in what we call 'flatfile' format: usually a human readable text which contains a consistent record format, but not enough structure to be able to search the file(s) in question and make them useful for the scientists.<br />
<br />
An index is what we need to apply on these flatfiles and make them searchable. MRS does exactly that amongst many other things and we can now talk about life science databases. So, it is a set of tools that provides access to:<br />
<br />
<ul style="text-align: left;"><li>i) An engine that indexes the flatfiles, as well as keeping them up-to-date.</li>
<li>ii) A set of tools to present a simple web interface, to facilitate a web search pretty much like you perform your searches in your web browser with your preferred search engine.</li>
<li>iii) A set of tools that allow you to perform programmatic searches, i.e. searches that can be issued in a repeated way from a script/batch mode.</li>
<li>iv) BLAST and Clustalw functionality to perform biological sequence homology search and alignment from a single interface.</li>
</ul><br />
MRS is not the only system to give you this kind of functionality. In fact, <a href="http://www.ncbi.nlm.nih.gov/sites/gquery">Entrez</a> and <a href="http://www.biowisdom.com/tag/srs/">SRS</a> are two examples of a free and a commercial solution respectively that are comprehensive and will probably suit most of your needs. In addition, a growing number of web services (as in <a href="http://en.wikipedia.org/wiki/Web_service" target="_blank">SOAP/REST</a>) can facilitate easy information access to biological databases. Examples include EBI's <a href="http://www.ebi.ac.uk/ena/about/browser" target="_blank">ENA browser</a> and <a href="http://www.ebi.ac.uk/Tools/webservices/" target="_blank">other similarly crafted tools</a>, which can facilitate programmatic access to large datasets.<br />
<br />
So, if other resources can provide free access to relevant information, why should you invest in effort and hardware to use MRS? The answer is along the following lines:<br />
<br />
i) If you have power bioinformaticians in house that need persistent and concurrent programmatic access to large biological databases AND/OR<br />
ii) You need to facilitate simple web access to life scientists for your own sequence data<br />
<br />
MRS is one of the most computationally efficient engines to address both of these issues. In terms of issue i), programmatic access is not always available at large from public resources (there is a quota on how many questions you can ask over a public web service given a certain amount of time to prevent resource utilization). In addition, network bandwidth could restrict you from retrieving a large number of sequences/info. This is an important factor if you run a departmental/workgroup computing setup, where your local bioinformatician can issue several hundred thousands queries on data sets that can reach TiBs of information.<br />
<br />
<br />
<b>What kind of computing gear do you need to run MRS?</b><br />
<br />
Although MRS is fairly efficient, running it on a<b> dedicated</b> server grade machine is a must. This is especially true for the dataset indexing processes, where large amounts of RAM may be required to crunch a large flatfile repository such as the <a href="http://www.ebi.ac.uk/embl/">EMBL Nucleotide </a>or <a href="http://www.ncbi.nlm.nih.gov/genbank/">Genbank</a> data sets. The table below provides an overview of the minimum computing requirements for various aspects of the MRS operation.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4WLnpd4y2ZGQLZyod78aN21tE4-iFiSxe4c_RLqImxmI_v9G0omk3Z_FQM2VxRpHZ3XSY79hXC1wqOpdQQzRLG6T1FleZTiozSsANN8Krp4tNF139XwUBDFUjkdG2fWIWVgcrYtaX7cA7/s1600/mrsv5hardwarereq.002.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4WLnpd4y2ZGQLZyod78aN21tE4-iFiSxe4c_RLqImxmI_v9G0omk3Z_FQM2VxRpHZ3XSY79hXC1wqOpdQQzRLG6T1FleZTiozSsANN8Krp4tNF139XwUBDFUjkdG2fWIWVgcrYtaX7cA7/s400/mrsv5hardwarereq.002.png" width="400" /></a></div><br />
<br />
The hardware impact of MRS can be measured in terms of the:<br />
<br />
<ul style="text-align: left;"><li><b>Disk space</b>: This is Directly Attached (DAS) or network filesystem storage, in order to store the flatfiles and indices of the various datasets.</li>
<li><b>RAM</b>: The amount of RAM needed to perform the indexing operations and/or have people using the system at the same time (MRS queries). A query could be an index or full text search on the datasets, an NCBI BLAST operation, or a CLUSTAL operation. </li>
<li><b>CPU cores</b>: The number of CPU cores required by the various indexing/querying processes. </li>
</ul><br />
<br />
It is important to understand the disk space requirements for hosting the MRS datasets, especially the well known/standard ones (it is possible to build your own datasets). For example, in order to host the EMBL nucleotide dataset, you need to account for the space to download its compressed flatfiles plus the space required to generate and store the MRS EMBL index. At the time of writing, the release 110 compressed flatfiles are worth 177 Gb. The index is worth approximately 980 Gb. So immediately after crunching the EMBL dataset for the first time, you are writing off just over 1 Tb of disk space.<br />
<br />
Is that all? Well, not exactly. During the index generation stage you might also have to deal with:<br />
<ul style="text-align: left;"><li>lots of <b>temporary files</b> that are created and then merged into the main index. </li>
<li><b>NCBI BLAST indices</b>, if your data set should have them (MRS can take care of that automatically for you by running the formatdb process). </li>
<li>In addition, the next time you upgrade the version of EMBL, you will need to keep the old index on disk. Your users will be using the server in the meantime and, as the download and indexing process takes at least 3-5 days, you might not have the choice of deleting the old index and flatfiles and waiting for the new ones to be downloaded and crunched. </li>
</ul>Hence, an estimate for a full production cycle for the EMBL release 111 could consume at most:<br />
<div style="text-align: center;"><i><b>old MRS index + new flatfiles compressed + new MRS Index + temp files + BLAST indices = </b></i></div><div style="text-align: center;"><i><b>980 + 190 + 1100 + 100 + 50 = 2429 Gb = 2.4 Tb</b></i></div><div style="text-align: center;"><br />
</div><div style="text-align: left;">At the end of the EMBL version 111 indexing process, only 1.3 Tb will be left permanently on disk, which shows the efficiency of MRS: an uncompressed version of all the flatfiles would take more than that. That's why I state that a minimum of 2 Tb of disk space is required for now. Factor in the yearly growth of the datasets and any hosting of your own datasets, and you will need to dedicate 9-10 Tb on a good hardware disk controller that can support <a href="http://en.wikipedia.org/wiki/Nested_RAID_levels#RAID_60_.28RAID_6.2B0.29" target="_blank">nested RAID</a>, on a single volume/partition/filesystem, in order to ensure that you remain production ready for the next couple of years. I would go for either RAID 50 or RAID 60.</div><div style="text-align: left;"><br />
</div><div style="text-align: left;">Moving on to RAM requirements, well the more RAM you have, the better for you. However RAM is not always as inexpensive as disk space, so the very minimum requirement you should have is 32 Gb of RAM. Why? Well, take a look at the screenshot below.</div><div style="text-align: left;"><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis0I7stFNVmD6YEP2upNjet8ea7a-hQBzhX0OUe9Xhm9WbjzD9BNj-WXcrrLSuL009X85QjwMkdv531x2Ysrv5y1SEQZFF9toCTDnnI_MrF8oEd6yNv_V_MqWInRNFJyjXNGaJGvISAS-k/s1600/MRStopcn1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="261" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis0I7stFNVmD6YEP2upNjet8ea7a-hQBzhX0OUe9Xhm9WbjzD9BNj-WXcrrLSuL009X85QjwMkdv531x2Ysrv5y1SEQZFF9toCTDnnI_MrF8oEd6yNv_V_MqWInRNFJyjXNGaJGvISAS-k/s400/MRStopcn1.png" width="400" /> </a></div><div class="separator" style="clear: both; text-align: center;"><br />
</div><div class="separator" style="clear: both; text-align: left;">This terminal 'top' command screenshot shows the EMBL data indexing process (mrs-build) grabbing a 21Gb RAM chunk, on a system with 32 Gb of physical RAM. MRS large dataset indexing is a very RAM hungry process. Thus, if you want the server to be able to be responsive (queries) and/or crunch more than one index in parallel, you should really have more than 32 Gb of RAM plus an adequate amount of swap. </div><div class="separator" style="clear: both; text-align: left;"><br />
</div><div class="separator" style="clear: both; text-align: left;">Finally, 8 cores will do for doing one thing at a time. Again, as with RAM, the more the better; however, if you have at least 16 cores, you should be able to adequately serve a small group ( <= 20 ) of users. </div><div class="separator" style="clear: both; text-align: left;"><br />
</div><div class="separator" style="clear: both; text-align: left;">One final thing you should note about MRS is that the index generation process is <b>not</b> scalable CPU and I/O wise. You can use at most 8 cores to build the index of a large dataset. This means that if you want to generate the index of large datasets, it is not worth launching multiple mrs index building processes in parallel. This will not speed things up. In contrast, MRS queries can scale. This means that user queries can be executed in parallel and dealt with effectively if your system is loaded with lots of CPUs/cores, RAM and a capable disk controller. </div><div class="separator" style="clear: both; text-align: left;"></div><div class="separator" style="clear: both; text-align: left;"><br />
</div>In the next part (<a href="http://epistolatory.blogspot.com/2012/01/bioinformatics-sysadmin-craftmanship.html" target="_blank">Part 2</a>) of the article series, we will be setting up an MRS v5 server.<br />
<div class="separator" style="clear: both; text-align: left;"></div> </div></div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com2tag:blogger.com,1999:blog-2248117304334958898.post-91110583887959590452011-12-25T02:59:00.000-08:002011-12-25T03:02:47.343-08:00A christmas post<div dir="ltr" style="text-align: left;" trbidi="on">To the readers of the blog: Have a very nice Christmas holiday and charge your batteries for 2012. Thank you for the blog hits!<br />
<br />
<iframe width="560" height="315" src="http://www.youtube.com/embed/ItntjRGCZ7c" frameborder="0" allowfullscreen></iframe><br />
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-75985749281572244082011-12-04T14:36:00.000-08:002011-12-04T14:38:05.288-08:00Can you crack it? GCHQ challenge<div dir="ltr" style="text-align: left;" trbidi="on">Yes, we can! We send our GCHQ friends, a nice cup of tea. Happy listening! :-)<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheBif7byLfcowfxFHR2gx4jGrvxCoo4dvEesa6M9f3_QaHBY9UWmqwyoYkdEs7QijQgitQ0vZEnWpDdak5uxm8bnSojAJvvOrdg-pFo9gwl19WfCCBeGR8cKtwaL-iwSbAeLUW6JnDHwhD/s1600/canyoucrackit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheBif7byLfcowfxFHR2gx4jGrvxCoo4dvEesa6M9f3_QaHBY9UWmqwyoYkdEs7QijQgitQ0vZEnWpDdak5uxm8bnSojAJvvOrdg-pFo9gwl19WfCCBeGR8cKtwaL-iwSbAeLUW6JnDHwhD/s640/canyoucrackit.png" width="640" /></a></div><br />
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-69767536662766096642011-11-14T04:43:00.000-08:002012-08-10T02:46:41.943-07:00RHEL 6 Part IV: Placing XFS into production and measuring performance<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Making an XFS filesystem for a production environment</b><br />
<br />
It's about time we see some action apart from the <a href="http://epistolatory.blogspot.com/2010/12/rhel-6-part-iii-first-impressions-from.html" target="_blank">first sysadmin impressions on RHEL 6</a>, as described in the previous article of the series. One of the first fundamental differences between RHEL 5 and 6 is the support for <a href="http://en.wikipedia.org/wiki/XFS" target="_blank">XFS</a> filesystem deployments. Why would you care to support XFS? Well simply, apart from the multi-threaded performance, if you are an ext4 kind of guy and you are likely to store more than 16 TiB on a volume, then XFS is your best choice (actually ext4 can support filesystems up to 1 EiB, however the accompanying filesystem utilities and the support on these utilities limit the supported size of a volume down to 16 TiB).<br />
<br />
Another kind of 'gotcha' (which I really dislike with RedHat) is that in RHEL 6, you should not take <b>support</b> of XFS for granted, unless your license includes the duties paid for the appropriate layered product, which is called "<a href="http://www.redhat.com/rhel/add-ons/scalable_file_system.html" target="_blank">Scalable File System Add-On</a>" (my own translation: "Give us your money if you want fs support over 16 TiB" :-) ). If you have paid for a basic RHEL 6 license, you have registered your machine with RHN, <i>mkfs.xfs</i> is missing from your root path and a<i> yum search xfsprogs</i> returns nothing, you know that you need to look into your pocket and not the yum repository config. <br />
<br />
If you do not want to spend money and are willing to risk running an XFS installation without support, head over to the nearest CentOS 6 repository, download the xfsprogs and xfsprogs-devel RPMs, do a yum install with these two RPMs and you will be good to go.<br />
<br />
I used a simple Directly Attached Storage setup of a Dell PowerEdge R815 server, fitted with an <a href="http://www.dell.com/downloads/global/products/pvaul/en/perc-technical-guidebook.pdf" target="_blank">H800 PERC SAS 6Gb controller</a> driving a single Dell MD1200 cabinet fitted with 12 x 2Tb Nearline 6Gb SAS drives. Four of them were used for the purposes of the test in RAID0 config. In order to be precise, for those of you familiar with the OMSA setup, here is the exact config as reported by the <i>omreport storage vdisk</i> OMSA command:<br />
<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: small;">ID : 2<br />
Status : Ok<br />
Name : EMBNETGALAXY<br />
State : Ready<br />
Encrypted : Not Applicable<br />
Layout : RAID-0<br />
Size : 7,450.00 GB (7999376588800 bytes)<br />
Device Name : /dev/sdd<br />
Bus Protocol : SAS<br />
Media : HDD<br />
Read Policy : Read Ahead<br />
Write Policy : Write Back<br />
Cache Policy : Not Applicable<br />
Stripe Element Size : 256 KB<br />
Disk Cache Policy : Enabled</span></div>
<br />
Returning back to the OS land, the first step is to connect the built hardware virtual disk (vdisk) to LVM2, so I can have the luxury of expanding the filesystem size at will in the future.<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
<span style="font-size: small;">[root@biotin src]# pvcreate /dev/sdd<br />
Physical volume "/dev/sdd" successfully created<br />
[root@biotin src]# vgcreate VGEMBGalaxy /dev/sdd<br />
Volume group "VGEMBGalaxy" successfully created</span></div>
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">[root@biotin src]# lvcreate -L 5T -n LVembgalaxy VGEMBGalaxy </span><br style="font-family: "Courier New",Courier,monospace;" /><span style="font-family: "Courier New",Courier,monospace;"> Logical volume "LVembgalaxy" created</span></span><br />
<br />
At that point, I have tagged the hardware created vdisk (/dev/sdd) as an LVM physical volume, created my Volume Group and made a Logical Volume of 5 Tbytes, in order to build my XFS filesystem (I am not going to use the full size of the PV, in order to demonstrate XFS expansion later on). Now, let's build the actual XFS filesystem:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
[root@biotin src]# mkfs.xfs -d su=256k,sw=4 /dev/VGEMBGalaxy/LVembgalaxy<br />
meta-data=/dev/VGEMBGalaxy/LVembgalaxy isize=256 agcount=5, agsize=268435392 blks<br />
 = sectsz=512 attr=2<br />
data = bsize=4096 blocks=1342176960, imaxpct=5<br />
 = sunit=64 swidth=256 blks<br />
naming =version 2 bsize=4096 ascii-ci=0<br />
log =internal log bsize=4096 blocks=521728, version=2<br />
 = sectsz=512 sunit=64 blks, lazy-count=1<br />
realtime =none extsz=4096 blocks=0, rtextents=0</div>
This actually builds the XFS filesystem on top of the LVM Logical Volume (/dev/VGEMBGalaxy/LVembgalaxy). You might have noticed that the specified stripe unit (<i>su</i>) size and the number of disks (<i>sw</i>) match the config of the H800 vdisk, as given earlier on by the output of the <i>omreport storage vdisk</i> command. Good system practice dictates that these parameters are passed to the <i>mkfs.xfs</i> utility, in order to improve filesystem performance.<br />
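One way to confirm that a filesystem really carries the controller's stripe geometry, as an added example that is not part of the original post: the script reads the geometry report that <i>mkfs.xfs</i>, <i>xfs_growfs</i> and <i>xfs_info</i> print, converts the data section's <i>sunit</i>/<i>swidth</i> (counted in filesystem blocks) back to <i>su</i>/<i>sw</i>, and compares them with the RAID layout. The function names are hypothetical, the sample report is the one shown in this post, and the RAID 5/6/10 cases go beyond the RAID-0 setup used here.

```shell
#!/bin/sh
# Added example (not from the original post): check that an XFS filesystem's
# stripe geometry matches the RAID virtual disk underneath it.
# All function names below are hypothetical helpers.

# Number of data-bearing disks for a RAID layout; this is the value for "sw".
data_disks() {
    level=$1 disks=$2
    case $level in
        raid0)  echo "$disks" ;;
        raid5)  echo $((disks - 1)) ;;   # one disk's worth of parity
        raid6)  echo $((disks - 2)) ;;   # two disks' worth of parity
        raid10) echo $((disks / 2)) ;;   # mirrored pairs
        *) echo "unknown RAID level: $level" >&2; return 1 ;;
    esac
}

# Read a geometry report on stdin and print "<su in KiB> <sw>".
# Only the "data" section is used: the "log" section has its own sunit.
# sunit and swidth are reported in filesystem blocks (bsize bytes each).
xfs_data_geometry() {
    awk '
        /^[a-z-]+ *=/ { section = $1; sub(/=.*/, "", section) }
        section == "data" {
            for (i = 1; i <= NF; i++)
                if (split($i, kv, "=") == 2) {
                    sub(/,$/, "", kv[2])
                    val[kv[1]] = kv[2]
                }
        }
        END {
            if (!("bsize" in val) || !("sunit" in val) || !("swidth" in val))
                exit 1
            if (val["sunit"] + 0 == 0) { print "0 0"; exit 0 }  # no stripe set
            print val["sunit"] * val["bsize"] / 1024, val["swidth"] / val["sunit"]
        }'
}

# Compare the report on stdin with the expected su (KiB) and sw.
check_stripe_alignment() {
    want_su=$1 want_sw=$2
    got=$(xfs_data_geometry) || return 2
    if [ "$got" = "$want_su $want_sw" ]; then
        echo "OK: su=${want_su}k sw=${want_sw}"
    else
        echo "MISMATCH: filesystem has '$got' (su KiB, sw), expected '$want_su $want_sw'"
        return 1
    fi
}

# Sample input: the geometry report from this post, columns re-aligned.
sample_geometry() {
    cat <<'EOF'
meta-data=/dev/mapper/VGEMBGalaxy-LVembgalaxy isize=256    agcount=5, agsize=268435392 blks
         =                       sectsz=512   attr=2
data     =                       bsize=4096   blocks=1342176960, imaxpct=5
         =                       sunit=64     swidth=256 blks
naming   =version 2              bsize=4096   ascii-ci=0
log      =internal               bsize=4096   blocks=521728, version=2
         =                       sectsz=512   sunit=64 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
EOF
}

# The vdisk above: RAID-0 over 4 disks, 256 KB stripe element size.
# On a live system, replace sample_geometry with: xfs_info /storage/tools
sample_geometry | check_stripe_alignment 256 "$(data_disks raid0 4)"
```

A result of "0 0" means the filesystem was created without any stripe geometry, which is what you get when <i>su</i>/<i>sw</i> are left out and the volume does not advertise its layout.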
<br />
We are now ready to mount the filesystem, so we make sure the mountpoint exists and add an entry to /etc/fstab: <br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">/dev/VGEMBGalaxy/LVembgalaxy /storage/tools xfs rw,nobarrier,inode64 0 0</span><br />
<br />
Note the nobarrier and inode64 flags. The first (which is also applicable to ext4 filesystems) gives you a bit of an extra performance boost, and is appropriate if and only if your disk controller cache memory is battery backed (and the battery is good AND you have a UPS to shut down your system properly). The inode64 flag serves the same objective, although it can break some older applications (old NFS v3 clients that import the XFS partition over NFS, applications whose binaries are older than 4-5 years and write locally on the disk). A <i>mount -a</i> later and you should be able to see the XFS filesystem accessible:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
[root@biotin src]# df -h </div>
<span style="font-family: "Courier New",Courier,monospace;">Filesystem Size Used Avail Use% Mounted on</span><br />
<span style="font-family: "Courier New",Courier,monospace;">...</span><br />
<span style="font-family: "Courier New",Courier,monospace;">/dev/mapper/VGEMBGalaxy-LVembgalaxy</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 5.0T 33M 5.0T 1% /storage/tools</span><br />
<br />
One thing that you will also note, is that the default settings give you a substantially large number of available inodes, always in comparison to ext4 based similarly sized filesystems:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
[root@biotin src]# df -ih<br />
Filesystem <b>Inodes</b> IUsed IFree IUse% Mounted on<br />
/dev/mapper/VGext4a-LVarea1<br />
<b>346M</b> 12 346M 1% /storage/area1<br />
/dev/mapper/VGext4b-LVarea2<br />
<b>346M</b> 11 346M 1% /storage/area2<br />
/dev/mapper/VGEMBGalaxy-LVembgalaxy<br />
<b>1.0G</b> 3 1.0G 1% /storage/tools</div>
<br />
Now, let's say that all is good, you go ahead and use the filesystem and after some time your users fill up the volume. How about expanding the volume and adding, say, a couple of TiBs, to give them some breathing space? Sure, quite easily, without even taking the filesystem off-line (unmounting it). First, we extend the LV:<br />
<br />
[root@biotin src]# lvextend -L+2T /dev/VGEMBGalaxy/LVembgalaxy<br />
Extending logical volume LVembgalaxy to 7.00 TiB<br />
Logical volume LVembgalaxy successfully resized<br />
<br />
And then tell XFS to grow up to the size of the extended LV by doing a:<br />
<br />
[root@biotin src]# xfs_growfs /storage/tools/<br />
<span style="font-family: "Courier New",Courier,monospace;">meta-data=/dev/mapper/VGEMBGalaxy-LVembgalaxy isize=256 agcount=5, agsize=268435392 blks</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> = sectsz=512 attr=2</span><br />
<span style="font-family: "Courier New",Courier,monospace;">data = bsize=4096 blocks=1342176960, imaxpct=5</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> = sunit=64 swidth=256 blks</span><br />
<span style="font-family: "Courier New",Courier,monospace;">naming =version 2 bsize=4096 ascii-ci=0</span><br />
<span style="font-family: "Courier New",Courier,monospace;">log =internal bsize=4096 blocks=521728, version=2</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> = sectsz=512 sunit=64 blks, lazy-count=1</span><br />
<span style="font-family: "Courier New",Courier,monospace;">realtime =none extsz=4096 blocks=0, rtextents=0</span><br />
<span style="font-family: "Courier New",Courier,monospace;">data blocks changed from 1342176960 to 1879048192</span><br />
<br />
<br />
Now, a df -h confirms the almost instant resize operation:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">[root@biotin src]# df -h</span><br />
<span style="font-family: "Courier New",Courier,monospace;">Filesystem Size Used Avail Use% Mounted on</span><br />
<span style="font-family: "Courier New",Courier,monospace;">...</span><br />
<span style="font-family: "Courier New",Courier,monospace;">/dev/mapper/VGEMBGalaxy-LVembgalaxy</span><br />
<span style="font-family: "Courier New",Courier,monospace;"> 7.0T 33M 7.0T 1% /storage/tools</span><br />
<br />
Quick, simple and efficient. The sort of thing you would expect from a scalable filesystem.<br />
<br />
<br />
<b>Measuring the performance envelope of XFS</b><br />
<br />
So what can XFS really do in terms of performance? There is useful info on the web and many sysadmins <a href="http://www.ilsistemista.net/index.php/linux-a-unix/13-ext4-vs-xfs-large-volumes-with-low-end-raid-controller.html" target="_blank">have tried to compare and contrast XFS against the popular ext4 filesystem</a>. Here is my method:<br />
<br />
I employ <a href="http://www.iozone.org/" target="_blank">iozone</a>, a well tested filesystem benchmarking tool on an ext4 volume and then on the newly constructed XFS volume. Both volumes are configured with exactly the same RAID config (RAID 0 and 4 disks), they run on the same type of hardware, they have the same fs block size (4kbytes).<br />
<br />
The mount flags for the ext4 filesystem were:<br />
<br />
<div style="font-family: "Courier New",Courier,monospace;">
rw,noatime,nobarrier,data=writeback</div>
<br />
and for the XFS filesystem:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">rw,nobarrier,inode64</span><br />
<br />
The benchmarks are run in the following order:<br />
<br />
<ul style="text-align: left;">
<li>first the ext4 benchmark is run </li>
<li>a reboot of the box follows to make sure we do not have any VFS cache/memory issues affecting the results</li>
<li> the XFS volume benchmark is run. </li>
</ul>
During both tests all other I/O activity is excluded on the box (no users log in and services are kept to a minimum. You might also find it useful to disable SELinux. There is always the option of running the benchmarks in single user mode, but I wanted to monitor the box remotely, as I was writing this).<br />
<br />
The entire procedure is repeated five times and the arithmetic mean of the results is reported in the result graphs.<br />
<br />
<div>
Both tests were performed by using the following iozone command:<br />
<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">nohup ./iozone -S 512 -f <i><b>volume_file_path</b></i> -P0 -Ra -i0 -i1 -i2 -i4 -n 512g -g 1024g -y64k -q512k > fileresultsFSTYPE.xls &</span><br />
<br />
<br />
The iozone manual will help you decipher the meaning of the switch options, but briefly, the command encompasses some parameters that ensure we get meaningful results, given the size of RAM of the server, the processor cache size and the test conditions. The <i>volume_file_path</i> is the absolute path of the volume where the test file should reside (the volume/partition you should test).<br />
<br />
Please note that these tests take weeks to complete properly, so should you wish to perform similar tests on a system, make sure you schedule enough downtime to complete them without additional activity on the box. <br />
<br />
Here are the results.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg77z5yNp5MpF1A20HrNlSjAXSbGwMFh34Q9Y_UeY3BvGniabKy2VqdFxs9s1M351RCWTZJ50aqdEwaOgZDNkcHGVMrwVIeVsLX65K7WX_FU9ZuFsqG-HZhYAzgEqZ0TJQQHuak2H8bGzna/s1600/xfsiozone.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg77z5yNp5MpF1A20HrNlSjAXSbGwMFh34Q9Y_UeY3BvGniabKy2VqdFxs9s1M351RCWTZJ50aqdEwaOgZDNkcHGVMrwVIeVsLX65K7WX_FU9ZuFsqG-HZhYAzgEqZ0TJQQHuak2H8bGzna/s1600/xfsiozone.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQwWciKTYRzIYjcI8L-XTPaxsVVUVGXgEg5E0tr7oEkoCfVtLQyqN54oT81Uy2ASos7dGbmFquue7iYpsuHDbFWS-ztbwYcjA_sweWNtQ6ea3RCvCo1_qR2H7jczqaasYy-WxvDEjF5_Ne/s1600/ext4iozone.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQwWciKTYRzIYjcI8L-XTPaxsVVUVGXgEg5E0tr7oEkoCfVtLQyqN54oT81Uy2ASos7dGbmFquue7iYpsuHDbFWS-ztbwYcjA_sweWNtQ6ea3RCvCo1_qR2H7jczqaasYy-WxvDEjF5_Ne/s1600/ext4iozone.png" /></a></div>
<br />
These should make the difference clear, showing in summary that as far as sequential I/O performance is concerned, XFS is better. For random I/O performance (smaller figures on the right), we also have better speed for random writes on XFS.<br />
<br />
<br />
Want a scalable solution that can give you decent performance, and have been on ext4 so far, while your single volume data production rises? Think again and consider XFS!<br />
<br />
<br /></div>
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com2tag:blogger.com,1999:blog-2248117304334958898.post-54608004128884204072011-10-24T06:03:00.000-07:002011-10-24T06:07:39.152-07:00Greece, which never joined the EU, and the EU, which never became a union<div dir="ltr" style="text-align: left;" trbidi="on">I do not want to blow my own trumpet and play the know-it-all. However, I referred on this blog (23 July 2010) to the tragically topical possibility of the country being placed under guardianship, with <a href="http://epistolatory.blogspot.com/2010_07_01_archive.html">an audio document of M. Hadjidakis, who spoke of a European province</a> (towards the end of the text). The late composer was quite right. Despite his wisdom, however, he did not speak about something that nobody expected, not even H. Schmidt himself, when with <a href="http://akioe.gr/default.asp?node=page&id=7713">one languid remark of his</a> he exposed the enormous void of administrative authority in the European Union.<br />
<br />
<br />
Today, beyond the other existential problems of Greek parliamentary activity, the biggest taboo for the Greek Prime Minister is admitting the country's need for guardianship. Not only because this constitutes the most indisputable proof of the failure of the Greek economic teams from the 1980s until today, but also because it is perceived as a loss of national sovereignty, something often relayed by the mass media.<br />
<br />
My own view is that when things get tight one must be calm and pragmatic. Calm means avoiding every kind of extremity in words and deeds (strikes, destruction of property, assaults on MPs, but also, on the other side, 'Venizelos-style' tactics of breaking off negotiations with the troika for show).<br />
<br />
Pragmatism means that the Prime Minister must publicly admit the need for Economic Guardianship. Not just like that, uncritically, but under conditions. The Greek Prime Minister and the leader of the Official Opposition must stop the party skirmishing and convince Europe (together with other officials) of <b>unified economic management</b>. Economic and monetary convergence with two-speed managers is inconceivable. <a href="http://news.in.gr/greece/article/?aid=1231134412">What Rehn says</a> about the guardianship of a country being non-institutional is a failed game of hiding the truth. The truth is single and visible: <br />
<br />
Either you jointly agree to strengthen the EFSF, give the South's loans a generous haircut and place control in Brussels, or close up shop and let us live our lives (if you dare). The power of the Union, even in its present problematic form, is still Greece's <b>strongest </b>bargaining chip. If Papandreou and Samaras do not play it well now, there will be no political future for them and their parties. Greece will survive either way. The question is whether the two of them will be on the train or watching it leave from the station platform. <br />
<br />
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-32691373690830899152011-09-21T02:23:00.000-07:002012-12-25T11:08:24.656-08:00Kajsa Ekis Ekman on Greece, its debt, the EU and the IMF.<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="color: black;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKCzXkfEOG_xerXOkDOLcYMAJP43Q5vvRitcZZ-QDXfYbwKDIUIplgSm75kWpcKBt3DKv2e1ohVMFrA_42mdes2cFl5dU6jUgHffw-Bnn0UZEiGn7_NUb8IprFSRVBeBbh4RaUGNLQJph3/s1600/Greek-demonstration.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="420" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKCzXkfEOG_xerXOkDOLcYMAJP43Q5vvRitcZZ-QDXfYbwKDIUIplgSm75kWpcKBt3DKv2e1ohVMFrA_42mdes2cFl5dU6jUgHffw-Bnn0UZEiGn7_NUb8IprFSRVBeBbh4RaUGNLQJph3/s640/Greek-demonstration.png" width="640" /></a></div>
<br />
<br />
<span style="font-family: inherit;"><i><span style="color: #0041c2; font-size: small;">The <a href="http://www.dn.se/kultur-noje/debatt-essa/kajsa-ekis-ekman-nar-eurokostymen-inte-passar">article</a> that follows was published by <a href="http://sv.wikipedia.org/wiki/Kajsa_Ekis_Ekman">Kajsa Ekis Ekman</a> (a well-known Swedish journalist and author) on 8 August 2011 in the respected Swedish newspaper <a href="http://www.dn.se/">Dagens Nyheter (The Day's News)</a> and describes the situation in Greece objectively, against the dominant propaganda of the European media (and, unfortunately, of the Swedish media among them). I warmly thank my friend and colleague Iordanis Akritidis for sending it, and I provide the translation. GM</span></i></span> </div>
<div style="color: black;">
<span style="font-family: inherit;"><span style="color: #0041c2; font-size: small;"> </span> </span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Greece is sinking ever deeper into economic crisis. Kajsa Ekis Ekman visited a misunderstood country with a broken social contract, where everyone agrees with one another. How would we feel if everything we owned were sold to pay off loans from which we never saw any benefit? If our wages were cut in half and the money went straight to foreign banks? And if we, while preparing to live at subsistence level, were, to top it all, called lazy and spoiled? If one becomes familiar with this situation, one can get an idea of what it is like to be Greek right now.</span></span> </div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">I have just returned from Greece. In a country in crisis a particular atmosphere prevails. A malaise and despair, mixed with the political awakening that follows major events and causes euphoria. Suddenly, low wages and the difficulty of paying the bills, once each person's individual problem, acquired a shared political meaning. Some are thinking of emigrating. Others of bringing down the government.</span></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">A necessary gas mask hangs in many homes, as a memento of the demonstrations of 28 and 29 June, when parliament voted for the support package for Greece. I do not think I have ever before been in a country where everyone, absolutely everyone, I met agreed. They are all indignant at the euro, at Germany, at their government and at themselves for voting for it. After a week in Athens, I can say that if I were Greek, I would be indignant too.</span></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">What we learn about Greece from the Swedish newspapers is more or less that the Greeks work very little and are paid very well. Our country's finance minister, Anders Borg, has stated that "the Greeks retire at 40". The article "Questions and Answers about Greece" of 17/6 in Dagens Nyheter wrote that "wages in Greece have skyrocketed". The German chancellor, Angela Merkel, called on the Greeks to work more and not to take such long holidays. All of this seasoned with the usual nonsense about a huge and inefficient state. Now the European Union will take over and lend them even more money, that could put things in order, so why are they protesting? </span></span> </div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">What a tragic hodgepodge of misinformation! And what a tragic lack of solidarity towards a country that we ought now to support! <b>The Greeks work the most hours in Europe - 42 hours a week according to Eurostat, the statistical office of the European Union</b>. <b>The average per capita income is 803 euros. The actual retirement age is not 40, as Anders Borg claims, but 61.4. This is, in other words, one of the hardest-working and at the same time lowest-paid peoples in Europe.</b> But they have a country that depends on tourism and not on any large production purely of its own. And a country with a broken social contract. Where people do not trust the state, while the state does not provide its citizens with even the basic social services. And which, on top of it all, is caught in the noose of the euro.</span></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Every national currency can be likened to a garment. Until recently each country wore the garment that suited it. It could take it in and let it out if need be. For example, it could devalue its currency in a period of crisis, or raise and lower interest rates according to its needs. But when the euro was introduced, all countries suddenly had to wear the same clothes. Only the measurements of the clothes were taken to fit certain countries only - such as Germany and France. For other countries, such as Greece, the suit in question did not fit.</span></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Greece has been governed for decades by two "dynasties" - the conservative New Democracy and the social-democratic PASOK, with two families at the top, one in each party. Both governments have taken out large loans, but few know where the loan money went. Much of it has disappeared into corruption and shady contracts. It is said that building a road in Greece costs far more than in the other countries of the European Union, as a great many middlemen are involved. The people do not want to pay taxes, since they get nothing in return from the state. A large part of tax revenue goes to supporting a state bureaucracy that exists only to serve itself. </span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">At the same time, basic social services are a sore subject for people. A patient must pay the doctor a bribe (a "fakelaki") to be looked after, while Greek pupils need private tutoring to cope with school exams. And amid all this came the economic crisis in 2008. Greece, whose economy depends on tourism, was hit even harder.</span></span> </div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Under other circumstances, the government could devalue the national currency to get the country out of the crisis. But after the introduction of the euro, that is impossible. Greece is constrained by its suit, which it cannot take off. And so the suit is being ruined - only this is not allowed to happen, since the other countries of the European Union wear the same one. It is therefore preferable to hack away at the one wearing it. This is called <b>"internal devaluation"</b> and simply means that instead of the currency being devalued, the people's income is cut. At the demand of the European Union, the International Monetary Fund (IMF) and the European Central Bank, the Greek state bureaucrats put a plan into effect. Wages will be squeezed and large tracts of land will be privatised. Beaches, airports, national highways and half of all public enterprises will be sold off.</span></span> </div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">In Syntagma Square a rumour is circulating that the Acropolis will be bought by a German company. I was staying at the home of some young people who belong to the "700-euro generation". Soon they will turn into the "500-euro generation". They are my age - 30 and over - not so young after all, yet they feel younger than they are, as they still wonder what they will do in the future. None of them has children. Having children is unthinkable for them. They are educated, with many years of university studies behind them, but they work casually as wedding decorators. The safest way to find a steady job used to be through the state, but that is now about to change. This situation is not entirely unfamiliar. The same holds for our generation all over Europe. Only in Greece wages are additionally being squeezed down to the minimum, on the pretext of the crisis.</span></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">In Syntagma Square an assembly is held every afternoon. When I was there in mid-July, the initial enthusiasm had somewhat subsided. The participants no longer numbered thousands, but hundreds. Anyone could take the floor and speak, and the topics varied: from proposals for a general strike to appeals not to steal belongings from those gathered in the square. Certain Greek words keep spinning around in my mind. One of them is "Isimerinos", which means Ecuador. The president of Ecuador, Rafael Correa, was a great hero for the square. Three out of four Greeks want Greece to follow the example of Ecuador and Argentina: to declare a suspension of debt payments. One in four wants the country to leave the euro. What one must understand is that the Greeks are not enraged at a necessary evil - but at an unnecessary evil.</span></span> </div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><br /></span></div>
<div style="color: black;">
<span style="font-family: inherit;"><span style="font-size: small;">The support package given to Greece does not resolve the crisis, but forces the country to sink deeper into it. Instead of investing in the countryside, creating some production that is not based on tourism, building a welfare state and filling the people with optimism, people's incomes are being cut.</span></span> </div>
<div style="color: black;">
<span style="font-family: inherit;"><span style="font-size: small;">The IMF, notorious for its policies of plunder in the third world, packed up and left Latin America. Now it is devouring the edges of Europe. Will we let this happen?</span></span> <br />
<span style="font-family: Times New Roman; font-size: small;"> </span> </div>
</div>
kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-30720303709469405342011-07-23T05:40:00.000-07:002011-07-24T02:14:24.654-07:00Lessons from the Oslo incident<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXt6lJMW8Y6bTmdp0XjKUhzkMOpXRZ9ktwaZngUtvtmWziYKPibKmn9B8AKT3Xb9GDqN4BLcpmu5tr_f_HFcJU04e3a8ctD5U4Nyb_ymiTDhxbr0ZzGx1MamxwYGOKzay97lvpVpr9tct/s1600/stoltenberg.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXt6lJMW8Y6bTmdp0XjKUhzkMOpXRZ9ktwaZngUtvtmWziYKPibKmn9B8AKT3Xb9GDqN4BLcpmu5tr_f_HFcJU04e3a8ctD5U4Nyb_ymiTDhxbr0ZzGx1MamxwYGOKzay97lvpVpr9tct/s400/stoltenberg.png" width="400" /></a></div><br />
<br />
I have lived in Oslo for 9 years now and, not having experienced something like that up close before (like most Norwegians), I must admit I am quite shocked. The picture above summarizes the human tragedy, which is worth a thousand words. Whilst every human being with reasoning ability and sanity mourns the tragedy, the media pointlessly try to find who is really behind the attack. Does it really make a difference if the killer(s) are from nation A or B, or support the extreme view X or Y? Lives are lost anyway.<br />
<br />
<br />
If there is a lesson to be learned from whatever comes out of investigating this, it is that <i>lunacy driven by fanaticism has no national, religious or social borders</i>. I realized that as I watched this morning a mother on a bike accompanying her small daughter (also on a bike), wandering freely on the streets of Blindern, a few kilometers away from the terror scene. Because that is the real value of Norway. It's not its Oil Ministry or Oil Fund, not the Government, not the buildings and shops. It is the people and their open way of living. And I am afraid the lunatic(s) targeted the right place. <br />
<br />
<br />
When the Prime Minister said that he cannot predict how this would change Norwegian society, he was careful, answering along the lines that nobody can be a prophet, which is quite reasonable. However, I hope that Norway will not become a "police state". This is the only worthy privilege that one distinctively gets by living in Oslo. If that is lost, forget the oil fund, all the money in the world and, more importantly, all the people that are not with us who really worked to preserve it!</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com2tag:blogger.com,1999:blog-2248117304334958898.post-74486945262860416562011-04-28T08:24:00.000-07:002011-04-28T08:29:37.241-07:00China: A nation of cyber attackers or the 'Wild West' of vulnerable systems?<div dir="ltr" style="text-align: left;" trbidi="on">An ascending nation creates waves in world politics. At least, that is the case with China and the way it provokes the US Government when it comes to cyber attack issues. There is one side (that of the US government) which states that <a href="http://www.zdnet.com/blog/government/welcome-to-the-new-cold-war-china-vs-the-united-states/10289">China is the powerhouse of a new Cold War</a> on the cyber front. On the other hand, <a href="http://threatpost.com/en_us/blogs/glass-dragon-chinas-cyber-offense-obscures-woeful-defense-042711">a credible investigation</a> finds that the Chinese government seems totally unprepared to fend off coordinated attacks on Chinese networks. <br />
<br />
Well, they are both right. The mix-up is in the detail of WHO attacks what. The fact that China (and many other countries) has a large number of vulnerable systems makes it an ideal ground on which to base the front end of large cyber attacks, for two reasons:<br />
<br />
<br />
<ul style="text-align: left;"><li>It requires little effort to locate thousands of vulnerable systems.</li>
<li>It breaks the chain of evidence that leads to the real source of the attacks.</li>
</ul>Both of these points are really important in the wishlist of a botnet/malware writer/coordinator: If I wanted to DDoS a site, would I target systems in a country where few vulnerable systems can be found, or in countries where most of the systems come from pirated copies (or at best unpatched copies of genuine software)?<br />
<br />
The important point in my view is to really investigate how the chain of evidence can be preserved in these kinds of attacks. What Dillon Beresford found is really not surprising and it explains why China is often the ground for cyber attacks. The important thing is that someone should explain to US federally funded bodies that instead of accusing a country at large, they should also investigate whether US-based attackers use Chinese networks to attack US networks. Proving or disproving this possibility will be a winner and the greatest challenge of all. With many important changes in the global network infrastructure (IPv6 is already here), it will be interesting to see whether order or further chaos will emerge with every little device having a globally routable IP.<br />
<br />
<br />
</div>kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0tag:blogger.com,1999:blog-2248117304334958898.post-14360069674628623922011-03-05T19:32:00.000-08:002011-03-06T02:10:32.213-08:00A solution to the issue of the hunger strikers<div dir="ltr" style="text-align: left;" trbidi="on"><br />
<iframe title="YouTube video player" width="480" height="390" src="http://www.youtube.com/embed/211Gq6CMPk4" frameborder="0" allowfullscreen></iframe><br />
<br />
</div><br />
The issue of the hunger strikers is perhaps the most dangerous provocation Greece has faced in its modern history. The possible consequences of a person's death (human first of all, but also those of unrest breaking out) are by now obvious to everyone. It shows how awkwardly and misguidedly the country's government tried to handle an issue that is human, economic and administrative.<br />
<br />
At the point we have reached, there is only one solution, and it surprises me that none of the highly paid advisers of the Ministries has pointed it out. It is as follows.<br />
<br />
Every person, exhausted, under pressure for whatever reason, who reaches the point of not eating by choice for weeks and comes to the verge of collapse, needs immediate medical help, because he is not of sound mind. The hunger strikers, in their misery, which no one can doubt, are being incited by some who suggested to them a strategy dangerous to their lives and convinced them that it would solve their problem. Every reasonable person knows that people who have reached destitution and have no hope are a target for exploitation. This is what is happening with the hunger strikers in this case, and therefore an organised state has the responsibility to place them BY FORCE under the observation of psychologists and psychiatrists, because these people are not well. <br />
<br />
Perhaps this solution is authoritarian, but I think it is called for both to save the lives of people who do NOT know what is in their interest and for the security of the country. Because if one of them dies, the hapless few Greek citizens who live and work in the centre of Athens will pay for it immediately in the worst way, on top of what they pay every day because of the absence of organised management of the migration issue.<br />
<br />
I was struck by the case of a hospital doctor <a href="http://thestival.blogspot.com/2011/02/blog-post_2142.html">who was reported by his colleagues</a> because he left a tray of FOOD in front of a person who WAS in the hospital, was NOT eating and was in danger of dying!!! The people who made this complaint have lost all sense of logic. For logic says that <b>support and care for an unfortunate person does not mean giving him a bed and watching him die, but getting him to eat, to stand on his feet and to understand his own interest</b>.<br />
<br />
Once this has been done and the worst has been averted, the Foreign Minister or the Prime Minister himself should make 2 moves.<br />
<br />
1. Arrange, with the assistance of Italy and Spain, an interview on the BBC or another worldwide television network, show Mr. Barroso and the aristocrats of Brussels what drama means, ask for a TRIPLING of Frontex at the borders of the whole territory, and demand jointly with Italy and Spain that these people be forwarded to Germany and the Scandinavian countries, on the grounds that their economies are stronger.<br />
<br />
2. Call on the World Food Program for help, so that it contributes to feeding these people until they are forwarded somewhere else. <br />
<br />
If there is still logic in some people's minds, I think there is hope. Otherwise Greece will go down in modern history as the only member state of the European Union that will let people die, failing to recognise that they have been brainwashed!kompioyterashttp://www.blogger.com/profile/07993947898374939412noreply@blogger.com0