Professional Documents
Culture Documents
WATCH:
ISSUE
OVERVIEW
V
JANUARY 2017 | ISSUE 273
http://www.linuxjournal.com
Since 1994: The Original Magazine of the Linux Community
Password Managers
and Online Security
GEEK GUIDES
http://geekguide.linuxjournal.com
BotFactory: Containers
Automating 101
the End of Author:
Cloud Sprawl Sol Lederman
Author: Sponsor: Puppet
John S. Tonello
Sponsor:
BotFactory.io
FEATURES
76 Online Privacy 92 Low Power
and Security Wireless: CoAP
Using a Password A look at the application layer:
device description using CoRE
Manager Link Format, data formats using
Take charge of your online CBOR and REST APIs.
account credentials. Jan Newmarch
der.hans
COLUMNS
38 Reuven M. Lerners
At the Forge
Testing Models
46 Dave Taylors
Work the Shell 26
Is the Moon Waxing or Waning?
52 Kyle Rankins
Hack and /
Orchestration with MCollective,
Part II
58
58 Shawn Powers
The Open-Source
Classroom
My Love Affair with Synology
IN EVERY ISSUE
8 Current_Issue.tar.gz
76
10 Letters
16 UPFRONT
Cover Image: Can Stock Photo / werayuth
ON THE COVER
Contributing Editors
)BRAHIM (ADDAD s 2OBERT ,OVE s :ACK "ROWN s $AVE 0HILLIPS s -ARCO &IORETTI s ,UDOVIC -ARCOTTE
0AUL "ARRY s 0AUL -C+ENNEY s $AVE 4AYLOR s $IRK %LMENDORF s *USTIN 2YAN s !DAM -ONSEN
Advertising
%
-!),: ads@linuxjournal.com
52,: www.linuxjournal.com/advertising
0(/.%
EXT
Subscriptions
%
-!),: subs@linuxjournal.com
52,: www.linuxjournal.com/subscribe
-!), 0/ "OX (OUSTON 48 53!
keep up
SUSE Enterprise Storage, the leading
open source storage solution, is highly
scalable and resilient, enabling high-end
with data
functionality at a fraction of
the cost.
explosion.
suse.com/storage
Data
Insecure
about Being
Unsecure
SHAWN
POWERS
T
here have been epic battles over whether pretty ordinary guy
and can be reached
insecure or unsecure should be used when
via email at
REFERRING TO COMPUTER SECURITY 'RANTED THOSE shawn@linuxjournal.com.
EPIC BATTLES USUALLY TAKE PLACE IN REALLY NERDY FORUMS Or, swing by the
#linuxjournal IRC
BUT STILL ONE SOUNDS FUNNY AND THE OTHER SEEMS TO
channel on
PERSONIFY COMPUTERS 7HICHEVER GRAMMATICAL CONSTRUCT Freenode.net.
YOU CHOOSE THE NEED FOR SECURITY IS GREATER NOW THAN
ever. As Linux users, we need to make sure were not
OVERCONFIDENT IN THE INHERENT SECURITY OF OUR SYSTEMS
V
SYSTEMER ) MEAN HIS PHASES OF THE MOON SCRIPT THIS MONTH 7HEN
you start writing scripts with Dave, you start to realize all the cool
additions you can make. Programming is like that. Dave shows how
TO FIGURE OUT WHETHER THE MOON IS WAXING OR WANING WHICH IS REALLY
USEFUL INFORMATION WHEN YOURE PLANNING A FAMILY CAMPING TRIP IN
WEREWOLF TERRITORY
Kyle Rankin continues his series on MCollective, which is server
ORCHESTRATION FOR CONFIGURATION MANAGEMENT SYSTEMS )F 0UPPET AND
#HEF CANT QUITE HANDLE THE DAY
TO
DAY NEEDS OF YOUR ENVIRONMENT
USING -#OLLECTIVE MIGHT FILL THAT NEED
) EXPLORE 3YNOLOGY THIS MONTH WHICH CONTINUES TO FILL MY OWN NEEDS
FOR MY HOME OFFICE )VE HAD MULTIPLE .!3 MACHINES THROUGH THE YEARS
AND NOTHING HAS BEEN AS USEFUL RELIABLE AND PERFORMANT AS 3YNOLOGY
)F YOURE LOOKING FOR A STORAGE DEVICE THAT ALSO HANDLES A PLETHORA OF
SERVER FUNCTIONS YOULL WANT TO CHECK OUT MY COLUMN THIS ISSUE
DERHANS HAS AN INCREDIBLE IN
DEPTH ARTICLE THIS MONTH ON USING
PASSWORD MANAGERS 7E RELY SO MUCH ON OUR ONLINE ACCOUNTS ITS VITAL
THAT OUR PASSWORDS BE STRONG AND UNIQUE ON EACH SITE ! PASSWORD
MANAGER IS QUICKLY BECOMING THE ONLY FEASIBLE WAY TO ACCOMPLISH
that. der.hans discusses how to manage passwords and retrieve them
WHEN NEEDED )F PASSWORD MANAGERS ARENT CONVENIENT ITS UNLIKELY
ANYONE WILL USE THEM SO LEARNING THE NUANCES OF SUCH AN IMPORTANT
TECHNOLOGY IS WORTH THE EFFORT
*AN .EWMARCH FINISHES HIS SERIES ON LOW POWER WIRELESS THIS MONTH
4HE USE OF A LOW
POWERED WIRELESS NETWORK IS A CONSTANT REMINDER OF
HOW MUCH OUR WORLD IS BECOMING CONNECTED 7ERE NOT FAR FROM A TIME
WHEN A HACKER COULD INFILTRATE OUR TOASTER TO RUIN BREAKFAST 4HANKFULLY
Jans series helps us to create our low powered wireless networks
INTELLIGENTLY %VERYONE SHOULD READ HIS SERIES EVEN IF YOU NEVER PLAN TO
IMPLEMENT SOMETHING LIKE ,O70!.
7E LOVE BRINGING YOU THE LATEST INFORMATION FROM THE ,INUX WORLD
WHETHER ITS NEW PRODUCTS FUN APPS OR EVEN IN
DEPTH SECURITY ARTICLES
,INUX ALWAYS HAS BEEN AT THE FOREFRONT OF COMPUTER SECURITY AND ITS
ONLY GOING TO STAY THERE IF WE TAKE SECURITY SERIOUSLY AND DONT ASSUME
WERE SAFE JUST BECAUSE WE USE OPEN SOURCE )F YOURE HOPING TO
BECOME A BETTER SMARTER ,INUX USER THIS ISSUE IS FOR YOU Q
PREVIOUS NEXT
V
V
Current_Issue.tar.gz UpFront
Kyle Rankin replies: This is a great question. Yes, even if you disable
password login altogether, you still should disable root login both over
SSH and locally, and use sudo instead. The core idea
with requiring sudo for root access instead of using
su is that it makes it easy to revoke any individual
admins access to root without having to change At Your Service
some central, shared password. Even if you require SUBSCRIPTIONS: Linux Journal is available
SSH keys for login, requiring sudo still provides extra in a variety of digital formats, including PDF,
.epub, .mobi and an online digital edition,
protection in the case of a compromised key. as well as apps for iOS and Android devices.
Renewing your subscription, changing your
email address for issue delivery, paying your
invoice, viewing your account details or other
Attackers who have compromised an admins subscription inquiries can be done instantly
online: http://www.linuxjournal.com/subs.
SSH keys still have one extra barrier to the root Email us at subs@linuxjournal.com or reach
account: they may be able to ssh in to a server us via postal mail at Linux Journal, PO Box
980985, Houston, TX 77098 USA. Please
as the admin using the admins key (if the admin remember to include your complete name
and address when contacting us.
didnt take the extra step of password-protecting
ACCESSING THE DIGITAL ARCHIVE:
the keys), but the attackers still have to figure out Your monthly download notifications
the admins personal password to be able to sudo will have links to the various formats
and to the digital archive. To access the
to root. In your scenario, if your personal key were digital archive at any time, log in at
http://www.linuxjournal.com/digital.
compromised, attackers would have direct access to
LETTERS TO THE EDITOR: We welcome your
root on all of your machines. Scenarios like this are letters and encourage you to submit them
at http://www.linuxjournal.com/contact or
why its so important never to share personal keys mail them to Linux Journal, PO Box 980985,
between admin, password-protect your keys, pick Houston, TX 77098 USA. Letters may be
edited for space and clarity.
good passwords for sudo, and never allow users to WRITING FOR US: We always are looking
sudo up to root without their password. for contributed articles, tutorials and
real-world stories for the magazine.
An authors guide, a list of topics and
Shawn Powers Hodge Podge article in the October FREE e-NEWSLETTERS: Linux Journal
ISSUE WAS AN INTERESTING ARTICLE AS USUAL editors publish newsletters on both
a weekly and monthly basis. Receive
late-breaking news, technical tips and
tricks, an inside look at upcoming issues
In the article, he mentioned several economical and links to in-depth stories featured on
http://www.linuxjournal.com. Subscribe
cloud options. I wonder whether he has evaluated for free today: http://www.linuxjournal.com/
available to suit various needs, the most basic ADVERTISING: Linux Journal is a great
resource for readers and advertisers alike.
COSTING ONLY A ONE
TIME FEE FOR LIFE ON A SHARED Request a media kit, view our current
editorial calendar and advertising due dates,
CLUSTER 4HERE ARE 603 OPTIONS AS WELL AT THE HIGHER or learn more about other advertising
and marketing opportunities by visiting
END (OW DO THESE OPTIONS FIGURE IN COMPARISON us on-line: http://ww.linuxjournal.com/
WITH OTHERS THAT HE MENTIONED advertising. Contact us directly for further
information: ads@linuxjournal.com or
Mayuresh +1 713-344-1956 ext. 2.
7HEN THE CAR IS PARKED IN THE VICINITY OF MY HOUSE THE SMARTPHONE USES
THE 7I
&I OF MY !0 )N THIS WAY ) MINIMIZE DATA TRAFFIC ON MY PRE
PAID
data bundle. Only when Im driving around GPS coordinates are sent to
THE 4RACCAR SERVER USING THE PRE
PAID DATA BUNDLE 4HE CLIENT IS SET TO
AN INTERVAL OF ONE MINUTE $EPENDING ON THE COST OF YOUR PRE
PAID DATA
BUNDLE AND THE AMOUNT OF TRAVEL YOU WILL USE UP IN SEVERAL MONTHS
4HE 4RACCAR SERVER STORES ALL COORDINATES OF MULTIPLE DEVICES IF NEEDED IN
A -Y31, DATABASE 6IA A WEB INTERFACE YOU CAN LOCATE YOUR '03 DEVICE OR
see where the GPS device, in my case my car, travels or has traveled to.
4HERE YOU GOA SECOND LIFE FOR YOUR SMARTPHONE AND LOTS OF FUN
Roland Horsten
4HAT THIS PROJECT WAS PICKED UP FOR AN ARTICLE SERIES IN Linux Journal was
a really nice surprise [see Jan Newmarchs articles in the November and
$ECEMBER ISSUES AS WELL AS THE FINAL ARTICLE IN THIS ISSUE=
2EADING THE FIRST ARTICLE ) HAVE A FEW ITEMS ) WANTED TO BRING UP
Q )N THE ARTICLE *AN WRITES THAT THE ATRF MODULE NEEDS TO BE LOADED
MANUALLY 4HAT SHOULD NOT BE NEEDED AND HAS NOT BEEN IN MY TESTING SO
FAR 4HE DEVICE TREE OVERLAY HE ENABLED SHOULD MAKE SURE THAT THE DRIVER IS
AUTO
LOADED AS WELL -AYBE THATS SOMETHING WORTH CHECKING IN HIS SYSTEM
Q 5SING 5$0 FOR THIS EXAMPLE HAS THE ADDITIONAL BENEFIT THAT THE KERNEL
CAN APPLY NEXT HEADER COMPRESSION .(# 2&# FOR 5$0 )F YOU
USE THE RIGHT PORT RANGE THAT CAN SAVE BYTES FROM THE 5$0 HEADER
IN EACH PACKET 4HE PORT RANGE IS REDUCED TO ONLY PORTS STARTING
FROM PORT
! GOOD ARTICLE OVERALL 4HANKS FOR DOING IT AND LOOKING FORWARD TO THE
next episodes.
Stefan Schmidt
Jan Newmarch responds: Thanks Stefan! Yes, you are right on both
counts. I manually loaded the drivers in order to test if it was working.
Once confirmed, reboots and the device tree load the drivers as needed.
I should have mentioned that I loaded them manually only as a test and
after that it no longer would be needed.
Erratum
) JUST FINISHED READING 2EUVEN - ,ERNERS !T 4HE &ORGE h0REPARING $ATA
FOR -ACHINE ,EARNINGv IN THE .OVEMBER ISSUE WHICH WAS GREAT AND
had me craving a burrito! But I noticed a typo: in the Resources section,
THE $ATA 3CIENCE 7EEKLY NEWSLETTER 52, SHOULD BE A ORG AND NOT A COM
4HE CORRECT 52, IS http://datascienceweekly.org.
Terrill
WRITE LJ A LETTER
We love hearing from our readers. Please send us your comments
and feedback via http://www.linuxjournal.com/contact.
RETURN TO CONTENTS
PREVIOUS NEXT
V
V
diff -u
7> i
iiiii
Anshuman Khandual FELT THAT THERE WERE A LOT OF DEVICES WITH THEIR OWN
RAM in the world, and Linux should be able to allocate that memory to
USERS AS PART OF THE GENERAL POOL RATHER THAN LETTING THOSE DEVICES HOG IT
ALL FOR THEMSELVES
)T TURNS OUT TO BE HARD TO DO THIS $EVICES HAVE TO BE INITIALIZED BEFORE
THEY CAN BE USED SO THE GENERAL POOL OF 2!- WOULD HAVE TO BE GROWN
by the kernel in a coherent way as new devices came online. Also, unlike
REGULAR SYSTEM 2!- DEVICES CAN REMOVED FROM THE SYSTEM WITHOUT
WARNING WHICH POSES ITS OWN SET OF PROBLEMS
4HERE ALWAYS ARE SOLUTIONS TO THESE SORTS OF PROBLEMS BUT THEY MAY
involve unpleasant compromises, such as increased code complexity, speed
REDUCTION OR USING SOME AREAS OF 2!- IN CERTAIN WAYS BUT NOT OTHERS
3OMETIMES THERE ALSO ARE UNEXPECTED OPPORTUNITIES FOR COLLABORATION
THAT EMERGE FROM THESE SORTS OF PROPOSALS )N THIS CASE !NSHUMAN
FOUND THAT Jerome Glisses work on HMM HETEROGENEOUS MEMORY
MANAGEMENT MIGHT BE RELEVANT BECAUSE IT HAD THE SIMILAR ISSUE OF 2!-
not always being available to the general pool. Jerome suggested they
WORK TOGETHER ON FINDING A PROPER SOLUTION
Dave Hansen also pointed out that the existing projects autonuma
AUTOMATIC NON
UNIFORM MEMORY ARCHITECTURE AND hugetlbfs were
SPTechCon offers classes and tutorials for IT professionals, Tips and tricks for working with SharePoint
business decision makers, information workers, developers and 2013 and 2010, and Office 365
software and information architects. Each presenter at SPTechCon
Practical information you can put to use
is a true SharePoint expert, with many drawn from Microsofts
on the job right away!
tech teams or holding Microsoft MVP status.
The most knowledgeable instructors working
Whether youre looking to upgrade to a more current version, in SharePoint today
making a move to the cloud, or simply need answers to those
daunting problems youve been unable to overcome, SPTechCon
is the place for you! Come join us! www.sptechcon.com
A BZ Media Event
Android Candy:
the Verbification
of Video Chat
People who study the
HISTORY OF LANGUAGES
probably will look back
at our current time
AND SCRATCH THEIR HEADS 7E KEEP INVENTING VERBS &IRST 'OOGLE BECAME
THE VERB WE USE FOR SEARCHING 4HEN h&ACEBOOKINGv SOMEONE BECAME A
VIABLE WAY TO CONTACT THEM (ECK ) FORGOT ABOUT hTEXTINGv SOMEONE )T
SEEMS WE JUST KEEP TAKING PERFECTLY GOOD NOUNS AND MAKING THEM VERBS
7E KEEP VERBING ALL OUR NOUNS "UT ) DIGRESS
5NFORTUNATELY )VE NOTICED A TREND WHERE PEOPLE WHO WANT TO DO
VIDEO CHAT ARE STARTING TO SAY h&ACETIME MEv 4HE PROBLEM ISNT WITH THE
TERMINOLOGY ITS WITH THE PROPRIETARY TECHNOLOGY )F YOURE AN !NDROID
USER YOU CANT h&ACETIMEv SOMEONE 'OOGLE (ANGOUTS SORT OF SOLVES
THAT PROBLEM BUT ITS NOT AS USER
FRIENDLY AS &ACETIME ON I/3 IS
Google hopes to change that with its new Duo app. Its designed very
much like Facetime, but it has native iOS and Android apps. In my trials,
THE VIDEO QUALITY IS FINE SO ITS REALLY ONLY ADOPTION THAT NEEDS TO HAPPEN
IN ORDER TO BECOME THE STANDARD ACROSS PLATFORMS )TS WORTH A TRY BUT
YOULL HAVE TO CONVINCE YOUR !PPLE FRIENDS TO INSTALL A NEW APP FOR VIDEO
CHATTING !LSO hDUOv DOESNT REALLY LEND ITSELF TO VERBIFICATION SO )M A
LITTLE WORRIED 'OOGLE HAS A NON
STARTER ON THAT NOTE ALONE
Shawn Powers
break down
your innovation barriers
power your business to its full potential
When youre presented with new opportunities, you want to focus on turning
them into successes, not whether your IT solution can support them.
Peer 1 Hosting powers your business with our wholly owned FastFiber NetworkTM,
solutions that are secure, scalable, and customized for your business.
Listen To Me Cheaply
) LISTEN TO A LOT OF BOOKS ! LOT !ND HONESTLY ALTHOUGH )VE WRITTEN
ABOUT THE h,ISTENv APP FOR AUDIOBOOKS ) TEND TO USE !UDIBLE MORE
THAN ANYTHING ELSE ANYMORE 0ART OF THE REASON IS THE !NDROID APP
FINALLY HAS MORE FINE
GRAINED SPEED SETTINGS ) PREFER AROUND X
SPEED I0HONE PEOPLE DONT HAVE THAT SEEMINGLY SIMPLE FEATURE
Just saying.
4HE MAIN REASON )VE BEEN USING !UDIBLE HOWEVER IS THE PRICING
Yes, Im a Platinum subscriber, so I get two credits a month. But, its
THE hADD NARRATIONv FEATURE ON THE +INDLE STORE THAT REALLY DOES IT
though. Its often cheaper to buy the Kindle version of a book and
add Audible narration for less than the cost of the audiobook alone!
Thats not always the case, but its always worth checking. Look at
my example in the screenshots.
Yes, this book is free. But, you can add Audible Narration for $2.99.
Notice how much it would cost to buy the book outright: $21.99!
Not all books come with such a good deal, but many do. And if you
add Audible narration, the book is added to your Audible account like
any other book. You never have to read the Kindle version, but its
still nice to have bothespecially when its cheaper than just buying
the audiobook! Shawn Powers
Archive
19942016
NOW
AVAILABLE!
SAVE $10.00
by using
discount code
2017ARCH
at checkout.
Coupon code
expires 3/28/2017
www.linuxjournal.com/archive
Never Trust
Yellow Fruit
Youve probably heard about the
7I&I 0INEAPPLE FROM (AK )TS A
FASCINATING DEVICE THAT ALLOWS YOU
to do some creepy pen testing. Its
THE SORT OF TOOL THAT COULD BE USED FOR EVIL BUT ITS ALSO INCREDIBLY USEFUL
FOR SECURING NETWORKS
4HE HARDWARE IS FAIRLY BASIC AND RESEMBLES AN OFF
THE
SHELF ROUTER 4HE
MULTIPLE NETWORK INTERFACES REALLY SHINE HOWEVER WHEN PAIRED WITH THE
OPERATING SYSTEM 4HE 7I&I 0INEAPPLE SOFTWARE CREATES A ROGUE HIDDEN
ACCESS POINT THAT PURPOSEFULLY TRICKS CLIENTS INTO CONNECTING TO it instead
OF THE !0 THEYRE USUALLY CONNECTED TO
)T DOESNT STOP THERE EITHER 4HE SOFTWARE SNIFFS THE WIRELESS NETWORK FOR
CLIENTS LOOKING FOR !0S THEY KNOW AND THEN CREATES FAKE 33)$S THAT MATCH
WHAT CLIENTS ARE LOOKING FOR /NCE THE CLIENT ASSOCIATES WITH THE 33)$ IT
thinks it already knows, the Pineapple provides internet service, but it also
SNIFFS EVERY PACKET ALONG THE WAY 3CARY STUFF
4HERE ARE MANY USES FOR THE 7I&I 0INEAPPLE AND MANY OF THEM ARE
WHITE
HAT SORTS OF THINGS "E WARNED THOUGH BECAUSE YOU MIGHT BE
CONNECTED TO SOMEONE ELSES 7I&I 0INEAPPLE RIGHT NOW 4O GET YOUR OWN
PIECE OF DANGEROUS AWESOMENESS HEAD OVER TO HTTPWIFIPINEAPPLECOM
NOW 4HERE IS A '(Z
ONLY VERISON AS WELL AS A DUAL
FREQUENCY MODEL
Shawn Powers
LINUX JOURNAL
on your
e-Reader
Customized
Kindle and Nook
editions
available e-Reader
editions
FREE for
Subscribers
LEARN MORE
Analyzing Videos
for Fun and Profit
0EOPLES PHONES AND ALL OF THE VARIOUS SENSORS THAT MAY BE BUILT IN
TO THEM IS A SOURCE OF SCIENTIFIC DATA LOGGING THAT ALMOST EVERYONE
CARRIES AROUND !LTHOUGH THE SELECTION OF SENSORS VARIES FROM PHONE
to phone, they almost all have a camera. In this article, I take a look
AT A PIECE OF SOFTWARE CALLED 4RACKER THAT CAN BE USED TO ANALYZE
VIDEOS YOU TAKE OF EXPERIMENTS
9OU CAN DOWNLOAD 4RACKER DIRECTLY FROM THE PROJECT PAGE
http://physlets.org/tracker ! LOT OF GOOD DOCUMENTATION IS AVAILABLE
AT THE MAIN WEBSITE INCLUDING EXAMPLES OF HOW YOU MIGHT BE ABLE
TO USE IT FROM THE COMMUNITY OF OTHER USERS 4RACKER IS WRITTEN IN
*AVA HOWEVER SO YOU ALSO NEED TO HAVE A *6- INSTALLED ON YOUR
SYSTEM BEFORE YOU CAN USE IT &OR EXAMPLE ON A $EBIAN
BASED SYSTEM
YOU CAN INSTALL A VERY GOOD *6- WITH THE COMMAND
9OU THEN CAN DOWNLOAD THE RELEVANT INSTALLER FOR YOUR SYSTEM AND RUN
IT FROM A TERMINAL WINDOW 9OU PROBABLY WILL NEED TO MAKE THE INSTALLER
executable with a command like this:
chmod +x Tracker-4.95-linux-64bit-installer.run
$ONT FORGET TO USE THE SUDO COMMAND SO THAT YOU HAVE THE CORRECT
permissions to do the installation.
Once its installed, you should have a new entry in your applications
MENU SYSTEM 3TARTING 4RACKER WILL GIVE YOU A NEW EMPTY PROJECT FOR
beginning your video analysis.
Although you could start analyzing your own videos immediately, you
MAY WANT TO USE SIMPLER VIDEOS WHILE LEARNING HOW 4RACKER WORKS 7HEN
YOU RAN THE INITIAL INSTALLER FOR 4RACKER IT SHOULD HAVE ASKED YOU WHETHER
YOU ALSO WANTED TO INSTALL EXAMPLE FILES !SSUMING YOU SAID YES YOU NOW
Figure 1.
When you start
Tracker, you get
a new empty
project.
Figure 2.
The open file
dialog box
allows you to
open movie files
or Tracker files.
CAN LOAD ONE OF THOSE WITHIN 4RACKER 7HEN YOU CLICK ON THE MENU ITEM
FileAOpen File, youll see a new window where you can select either a
MOVIE FILE OR A 4RACKER FILE
4O BEGIN WITH LETS LOOK AT ONE OF THE 4RACKER FILES FROM THE EXPERIMENTS
FOLDER )N &IGURE ) HAVE LOADED THE EXPERIMENT FILE NAMED "ALL4OSSTRK
Figure 3. Loading a Tracker file opens all of the parts of a previous analysis.
4HE MAIN WINDOW DISPLAYS THE MOVIE THAT IS BEING ANALYZED AS PART OF
THE EXPERIMENT 4HE PANE IN THE BOTTOM RIGHT
HAND SIDE SHOWS A TABLE OF
X AND Y COORDINATES FOR A SERIES OF TIME UNITS ! SIMILAR TABLE IS GENERATED
FOR EACH TRACKED OBJECT WITHIN THE MOVIE )N THIS EXAMPLE EXPERIMENT
THE ONLY TRACKED OBJECT IS THE BALL 4HE TOP RIGHT
HAND PANE CONTAINS THE
ASSOCIATED PLOT FOR THE DATA STORED IN THE TABLE 4HIS WAY YOU CAN HAVE A
VISUAL REPRESENTATION OF THE TRACKED MOTION
3O WHAT CAN 4RACKER ACTUALLY TRACK !T THE BOTTOM OF THE MOVIE DISPLAY
IS A SET OF CONTROLS )F YOU CLICK ON THE GREEN ARROW THE MOVIE WILL START
TO PLAY !S IT DOES 4RACKER ACTUALLY REGISTERS THE MOVEMENT OF THE TRACKED
OBJECT AND ALSO UPDATES THE DATA PANES ON THE RIGHT
HAND SIDE
!LTHOUGH THESE PANES DO GIVE YOU LOTS OF RAW DATA THERE REALLY ISNT ANY
ANALYSIS BEING DONE YET #LICKING THE 6IEWA$ATA 4OOL MENU ITEM POPS
OPEN A NEW WINDOW WHERE YOU CAN USE THIS RAW DATA TO FIGURE OUT WHAT
Figure 4.
As the movie
progresses,
Tracker updates
the data panes
on the right-
hand side for
the tracked
object.
Figure 5.
The Data
Tool window
provides a set
of analysis tools
to look at the
raw data pulled
from the video.
GIVES YOU THE OPTIONS #OORDINATES 3LOPE AND !REA 7HEN YOU SELECT ONE
OR MORE OF THOSE OPTIONS VALUES ARE DISPLAYED AT THE BOTTOM OF THE PLOT
REPRESENTING EACH OF THE SELECTED OPTIONS
7HEN YOU CLICK THE !NALYZE BUTTON YOU GET A DROP
DOWN WITH THE
3TATISTICS #URVE &ITS AND &OURIER 3PECTRUM OPTIONS %ACH OF THOSE OPTIONS
ACTUALLY OPENS A NEW PANE IN THE $ATA 4OOL WINDOW 4HE EXCEPTION IS THE
&OURIER 3PECTRUM OPTION 4HIS OPTION ACTUALLY OPENS A NEW WINDOW WHERE
A &OURIER ANALYSIS IS DONE ON THE RAW DATA FROM THE TRACKED OBJECT
4HE 3TATISTICS OPTION GIVES THE DATA DISPLAYED IN THE TOP RIGHT PANE 4HIS
IS THE SET OF DESCRIPTIVE STATISTICSTHAT IS THE MAXIMUM MINIMUM MEAN
and standard deviation, among other values.
3ELECTING THE #URVE &ITS OPTION GIVES YOU THE PANE AT THE BOTTOM OF
THE PLOT WINDOW (ERE YOU CAN SELECT WHAT TYPE OF CURVE IS BEING FITTED
TO YOUR RAW DATA 9OU CAN USE A NUMBER OF DEFAULT FUNCTIONS TO TRY TO
FIT YOUR DATA )N THIS CASE THE LINEAR FUNCTION IS THE OBVIOUS CHOICE FOR
A FITTING FUNCTION 9OU CAN SEE THE FUNCTION BEING USED X!
T" IN
Figure 7. You define your own fitting functions as part of the data analysis.
THIS CASE ALONG WITH THE CALCULATED VALUES FOR THE PARAMETERS ! AND
" )F YOU ARE TRACKING AN OBJECT THAT HAS A REALLY ODD MOTION YOU CAN
CLICK THE &IT "UILDER BUTTON TO POP UP A NEW WINDOW WHERE YOU DEFINE
A NEW FITTING FUNCTION
7HAT DO YOU DO AS PART OF A NEW PROJECT ,ETS SAY YOU WANT TO ANALYZE
THE PENDULUM VIDEO FROM THE SAMPLE VIDEO FOLDER 9OU CAN SET SOME
calibration items within the video by either selecting the relevant buttons
Figure 8. You can set up calibration tools within your video to be analyzed.
AT THE TOP OF THE WINDOW OR SELECTING THE ITEMS UNDER THE MENU ENTRY
4RACKANewA#ALIBRATION 4OOLS 9OU CAN SET UP ITEMS LIKE A CALIBRATION
STICK OR A REFERENCE SET OF AXES
/NE WAY TO DO THE ANALYSIS IS TO STEP THROUGH THE VIDEO FRAME BY
FRAME SELECTING THE OBJECT TO BE TRACKED WITHIN EACH FRAME 4HIS MAY
BE THE ONLY WAY TO COLLECT THE RAW DATA BUT HUMANS ARE LAZY )F THE
OBJECT BEING TRACKED IS RELATIVELY CONSISTENT ACROSS THE DURATION OF THE
VIDEO CLIP IN QUESTION YOU CAN TRY USING THE AUTOTRACKER #LICKING THE
autotracker button will pop up a new window where you can control
what is being tracked.
4RACKER HELPFULLY DISPLAYS REMINDER INFORMATION ON HOW TO USE THE
SOFTWARE )N THIS CASE IT REMINDS YOU THAT YOU NEED TO PRESS #TRL 3HIFT
AND LEFT
CLICK THE MOUSE BUTTON ON THE OBJECT OF INTEREST )F YOU THEN
Figure 9.
The autotracker
tries to follow
an object from
frame to frame
automatically.
click the search button within the autotracker window, it will move
THROUGH EACH FRAME LOOKING FOR THE OBJECT IN QUESTION /NCE IT IS DONE
YOU SHOULD HAVE A FULL SET OF DATA FROM THE TRACKED OBJECT &ROM THE
PLOT IN &IGURE YOU CAN SEE RIGHT AWAY THAT THE PENDULUM FOLLOWS THE
expected motion. You also can track multiple objects by creating a new
TRACK FOR EACH OBJECT
Figure 10. The autotracker can generate all of your raw data automatically.
.OW THAT YOUVE TAKEN A QUICK LOOK AT 4RACKER AND THE KIND OF
ANALYSIS YOU CAN DO WITH IT YOU SHOULD BE COMFORTABLE ENOUGH TO
START EXPERIMENTING WITH IT $ONT FORGET TO SHARE ANY INTERESTING
ideas you come up with on the community page and add to a great
RESOURCE FOR CITIZEN SCIENCE
Joey Bernard
RETURN TO CONTENTS
http://www.socallinuxexpo.org
Use Promo Code LJ15X for a 30%
discount on admission to SCALE
NEXT
PREVIOUS
Reuven M. Lerners
V
V
UpFront
At the Forge
Low Tech
EDITORS
High Tech CHOICE
Google Cardboard should be terrible. Really,
IT SHOULD )TS LITERALLY MADE OF CARDBOARD )
remember as a kid some cereal boxes came with spy glasses you
HAD TO CUT OUT OF THE BOX ITSELFAND THEY WERE TERRIBLE "UT 'OOGLE
#ARDBOARD IS AMAZING 'RANTED YOU NEED TO ADD YOUR !NDROID
RETURN TO CONTENTS
Testing
Models REUVEN M.
Youve created a machine-learning model. Now, LERNER
how do you know if it works well? Reuven M. Lerner offers
training in Python, Git and
PostgreSQL to companies
around the world. He blogs
NEXT at http://blog.lerner.co.il,
PREVIOUS tweets at @reuvenmlerner
Dave Taylors
V
V
THE QUANTITY AND QUALITY OF DATA YOU USE TO hTRAINv THAT MODEL
Implied in the above statement is that given the same input data,
DIFFERENT ALGORITHMS CAN PRODUCE DIFFERENT RESULTS &OR THIS REASON ITS NOT
ENOUGH TO CHOOSE A MACHINE
LEARNING ALGORITHM 9OU ALSO MUST TEST THE
RESULTING MODEL AND COMPARE ITS QUALITY AGAINST OTHER MODELS AS WELL
3O IN THIS ARTICLE ) EXPLORE THE NOTION OF TESTING MODELS ) SHOW HOW
0YTHONS SCIKIT
LEARN PACKAGE WHICH YOU CAN USE TO BUILD AND TRAIN
models, also provides the ability to test them. I also describe how
SCIKIT
LEARN PROVIDES TOOLS TO COMPARE MODEL EFFECTIVENESS
Testing Models
7HAT DOES IT EVEN MEAN TO hTESTv A MODEL !FTER ALL IF YOU HAVE BUILT
a model based on available data, doesnt it make sense that the model
WILL WORK WITH FUTURE DATA
Perhaps, but you need to check, just to be sure. Perhaps the algorithm
ISNT QUITE APPROPRIATE FOR THE TYPE OF DATA YOURE EXAMINING OR PERHAPS
there wasnt enough data to train the model well. Or, perhaps the data
WAS FLAWED AND THUS DIDNT TRAIN THE MODEL EFFECTIVELY
"UT ONE OF THE BIGGEST PROBLEMS WITH MODELING IS THAT OF
hOVERFITTINGv /VERFITTING MEANS THAT THE MODEL DOES A GREAT JOB OF
describing the training data, but that it is tied to the training data so
CLOSELY AND SPECIFICALLY IT CANNOT BE GENERALIZED FURTHER
&OR EXAMPLE LETS ASSUME THAT A CREDIT
CARD COMPANY WANTS TO
MODEL FRAUD 9OU KNOW THAT IN A LARGE NUMBER OF CASES PEOPLE USE
CREDIT CARDS TO BUY EXPENSIVE ELECTRONICS !N OVERFIT MODEL WOULDNT
just give extra weight to someone buying expensive electronics in
ITS DETERMINATION OF FRAUD IT MIGHT LOOK AT THE EXACT PRICE LOCATION
AND TYPE OF ELECTRONICS BEING BOUGHT )N OTHER WORDS THE MODEL WILL
precisely describe what has happened in the past, limiting its ability
TO GENERALIZE AND PREDICT THE FUTURE
)MAGINE IF YOU COULD READ LETTERS THAT WERE ONLY FROM A FONT
YOU HAD PREVIOUSLY LEARNED AND YOU CAN FURTHER UNDERSTAND THE
LIMITATIONS OF OVERFITTING
(OW DO YOU AVOID OVERFIT MODELS 9OU CHECK THEM WITH A VARIETY
OF INPUT DATA )F THE MODEL PERFORMS WELL WITH A NUMBER OF DIFFERENT
INPUTS IT SHOULD WORK WELL WITH A NUMBER OF OUTPUTS
%pylab inline
import pandas as pd # load pandas with an alias
from pandas import Series, DataFrame # load useful Pandas classes
df = pd.read_csv('burrito.csv') # read into a data frame
burrito_data = df[range(11,24)]
burrito_data.drop(['Circum', 'Volume', 'Length'], axis=1, inplace=True)
burrito_data.dropna(inplace=True, axis=0)
y = burrito_data['overall']
X = burrito_data.drop(['overall'], axis=1)
from sklearn.neighbors import KNeighborsRegressor # import
# classifier
KNR = KNeighborsRegressor() # create a model
KNR.fit(X, y) # train the model
3O IS THE MODEL GOOD OR NOT 9OU CAN KNOW ONLY IF YOU TRY TO MAKE
SOME PREDICTIONS FOR WHICH YOU KNOW THE ANSWERS AND SEE WHETHER
the model predicts things correctly.
7HERE CAN YOU FIND DATA ABOUT WHICH YOU ALREADY KNOW THE
ANSWERS )N THE INPUT DATA OF COURSE 9OU CAN ASK THE MODEL +.2
TO MAKE PREDICTIONS ABOUT 8 AND COMPARE THOSE WITH Y )F THE MODEL
WERE PERFORMING CATEGORIZATION YOU EVEN COULD EXAMINE IT BY HAND
TO GET A BASIC ASSESSMENT "UT USING REGRESSION OR EVEN A LARGE
SCALE
CATEGORIZATION MODEL YOURE GOING TO NEED A MORE SERIOUS SET OF METRICS
&ORTUNATELY SCIKIT
LEARN COMES WITH A NUMBER OF METRICS YOU CAN USE )F YOU SAY
then you have access to methods that can be used to compare your
PREDICTED VALUES THAT IS FROM THE ORIGINAL hYv VECTOR TO THE VALUES
that were computed by the model. You can apply several scores to the
MODEL ONE OF THEM WOULD BE THE hEXPLAINED VARIANCE SCOREv 9OU CAN
GET THAT AS FOLLOWS
y_test = KNR.predict(X)
from sklearn import metrics
metrics.mean_squared_error(y_test, y)
for k in range(1,10):
print(k)
KNR = KNeighborsRegressor(n_neighbors=k)
KNR.fit(X, y)
y_test = KNR.predict(X)
print "\t", metrics.mean_squared_error(y_test, y)
print "\t", metrics.explained_variance_score(y_test, y)
4HE GOOD NEWS IS THAT YOU HAVE NOW LOOKED AT HOW THE +.2 MODEL
CHANGES WHEN CONFIGURED WITH DIFFERENT VALUES OF n_neighbors .
Moreover, you see that when n_neighbors YOU GET NO ERROR AND
EXPLAINED VARIANCE 4HE MODEL IS A SUCCESS
Split Testing
"UT WAIT 4HE ABOVE TEST IS A BIT SILLY )F YOU TEST THE MODEL USING DATA THAT
WAS PART OF THE TRAINING YOU WOULD BE SURPRISED IF THE MODEL didnt get it
AT LEAST PARTLY RIGHT 4HE REAL TEST OF A MODEL IS HOW WELL IT WORKS WHEN IT
encounters new data.
)TS A BIT OF A DILEMMA 9OU WANT TO TEST THE MODEL WITH REAL
WORLD
DATA BUT IF YOU DO THAT YOU DONT NECESSARILY KNOW WHAT ANSWER SHOULD
APPEAR !ND THAT MEANS YOU CANT REALLY TEST IT AFTER ALL
4HE MODELING WORLD HAS A SIMPLE SOLUTION TO THIS PROBLEM 5SE ONLY A
SUBSET OF THE TRAINING DATA TO TRAIN THE MODEL AND USE THE REST FOR TESTING IT
SCIKIT
LEARN HAS FUNCTIONALITY THAT SUPPORTS THIS hTRAIN
TEST
SPLITv
FUNCTIONALITY 9OU INVOKE THE train_test_split FUNCTION ON YOUR
ORIGINAL 8 AND Y VALUES GETTING TWO 8 VALUES FOR TRAINING AND TESTING
AND TWO Y VALUES FOR TRAINING AND TESTING BACK !S YOU MIGHT EXPECT
you then can train the model with the X_train and y_train values and
test it with X_test and y_test :
Multiple Splits
4HE SPLIT
TEST THAT YOU DO MIGHT SOMEHOW TICKLE THE MODEL IN SUCH A
WAY THAT IT GIVES PARTICULARLY GOOD OR BAD RESULTS 7HAT YOU REALLY
NEED TO DO IS TRY DIFFERENT SPLITS SO YOU CAN BE SURE THAT NO MATTER
WHAT TRAINING DATA YOU USE THE MODEL PERFORMS OPTIMALLY 4HEN YOU
CAN AVERAGE THE RESULTS OVER A BUNCH OF DIFFERENT SPLITS
)N THE WORLD OF SCIKIT
LEARN THIS IS DONE USING +&OLD 9OU INDICATE
HOW MANY DIFFERENT INSTANCES OF THE MODEL YOULL WANT TO CREATE AND
THE NUMBER OF hFOLDSv THAT IS SPLIT TESTS YOULL WANT TO RUN
7 ITH THE kfold object in place, you then can pass it to the
cross_val_score method in the cross_validation module.
9OU PASS IT THE MODEL +.2 IN THIS CASE 8 Y AND THE kfold
object you created:
4HE cv_results object you get back describes the cross validation
AND TYPICALLY IS ANALYZED BY LOOKING AT ITS MEAN THAT IS WHAT WAS THE
AVERAGE SCORE ACROSS THOSE RUNS AND THE STANDARD DEVIATION THAT IS
HOW MUCH VARIANCE WAS THERE ACROSS RUNS
print cv_results.mean()
print cv_results.std()
0.310254620082
0.278746712239
3URE ENOUGH WHEN K YOU GET RESULTS THAT ARE SIGNIFICANTLY BETTER
THAN WHEN K
0.594573190846
0.161443573949
4HAT SAID ) DO BELIEVE ITS LIKELY YOU CAN CREATE A BETTER MODEL
0ERHAPS A BETTER CLASSIFIER FOR REGRESSION WOULD IMPROVE THINGS
Perhaps using categorization, rather than regression, in which you
round the values in y to the nearest integer and treat scores as
DISTINCT CATEGORIES WOULD WORK 0ERHAPS AS MENTIONED BEFORE
I should have paid more attention to which columns were most
AND LEAST IMPORTANT AND DONE SOME BETTER FEATURE SELECTION
Regardless, with a proper test system in place, youre now able
Summary
)TS NOT ENOUGH TO CREATE A MACHINE
LEARNING MODEL TESTING IT IS ALSO
IMPORTANT !S YOU SAW HERE SCIKIT
LEARN MAKES IT RELATIVELY EASY TO
CREATE SPLIT
TEST AND THEN EVALUATE ONE MODEL OR EVEN A WHOLE BUNCH
OF THEM
3UPERVISED LEARNING ISNT THE ONLY TYPE OF MACHINE LEARNING OUT
there. In many cases, you can ask the computer to divide your data
into multiple groups based on heuristics it develops, rather than
categories that you have trained. In my next article, I plan to look at
HOW AND WHEN TO BUILD hUNSUPERVISED LEARNINGv MODELS Q
RETURN TO CONTENTS
Is the Moon
Waxing or DAVE TAYLOR
be found on Twitter
At the Forge Hack and / as @DaveTaylor,
and you can reach
him through his
tech Q&A site: http://
www.AskDaveTaylor.com.
I DONT KNOW ABOUT YOU, but Im still thinking
EXTRA
PLANETARY THOUGHTS AS WE GO THROUGH THE TAIL
END OF THIS PARTICULARLY CONTENTIOUS ELECTION SEASON
AND ITS AFTERMATH -AYBE LIFE ON OTHER PLANETS IS
EASIER !H MAYBE NOT
In any case, I completed the Martian lander and
NOW AM ENMESHED IN A PHASE OF THE MOON SCRIPT
In my last article, I talked about the complications
OF CALCULATING THE PHASE OF THE MOON AND DECIDED
simply to scrape the same web site that Google
uses: http://www.moongiant.com.
4HAT SITE PROVIDES THE CURRENT MOON ILLUMINATION
level, which lets you break it down into the phases
OF NEW MOON CRESCENT QUARTER GIBBOUS AND
FULL !MATEUR ASTRONOMERS KNOW THAT THE FUN PART OF TRACKING THE
MOONS PHASE IS TO UNDERSTAND WHETHER ITS hWAXINGv GROWING MORE
ILLUMINATED OR hWANINGv GROWING LESS ILLUMINATED
Although at any given moment the moon is illuminated based on
ITS LOCATION AND YOUR LOCATION RELATIVE TO THE SUN THE FULL CYCLE OF A
MOON PHASE STARTS AND ENDS WITH A NEW ILLUMINATED MOON AND
THE FULL MOON ILLUMINATED IS THE MID
POINT OF THE JOURNEY
4HEREFORE TO ASCERTAIN WAXING OR WANING ALL YOU NEED TO DO IS
know the moons illumination level today and either yesterday or
tomorrow. Fortunately, the Moon Giant website obligingly has the
ABILITY FOR YOU TO ASCERTAIN THE ILLUMINATION LEVEL FOR A SPECIFIC DATE
! QUICK VISIT TO THE SITE WITH A REGULAR WEB BROWSER REVEALS THAT IT WORKS
USING A DATE
BASED 52, FORMAT LIKE THIS HTTPWWWMOONGIANTCOM
PHASE
3O YOU CAN BUILD THE DATE 52, FOR THE DAY BEFORE TODAY WITH A CALL
to the date PROGRAM )F YOUVE GOT THE '.5 VERSION OF date , its easy
to back up a day:
$ date
Mon Nov 7 11:40:31 MST 2016
$ date -v -1d
Sun Nov 6 11:40:15 MST 2016
)T TURNS OUT THAT YOU ALSO CAN SPECIFY THAT YOU WANT TO BACK UP
HOURS ALTHOUGH OF COURSE THE NET RESULT IS THE SAME
$ date -v -24H
Sun Nov 6 11:40:24 MST 2016
More important, you can pass date A FORMAT STRING THAT YOU THEN CAN
evaluate with the eval FUNCTION SO YOU CAN SET MONTH DAY AND YEAR FOR
yesterday in one easy step:
)TS QUITE A HANDY TRICK WHEN YOU NEED TO WORK WITH EXTRACTING SPECIFIC
ELEMENTS FROM DATE AND X THAT WHEN IT ALSO INVOLVES DATE MATH
url_ago="http://www.moongiant.com/phase"
eval $( date -v -1d +"mon=%m day=%d year=%Y" )
ydayurl="$url_ago/$mon/$day/$year"
4HE GOOD NEWS IS THAT THE RESULTANT WEB PAGE HAS THE SAME FORMAT
AS THE PAGE FOR TODAYS ILLUMINATION LEVEL TOO SO THE SAME curl|grep
SEQUENCE EXPLORED IN MY LAST ARTICLE CAN BE REUSED FOR THIS TASK
)N FACT LETS ADD A DEBUGGING STATEMENT THAT DISPLAYS BOTH TODAYS LUNAR
illumination level and yesterdays level:
2UNNING IT ON .OVEMBER HERES WHAT THE SCRIPT AND THE -OON
Giant website report:
4HATS JUST ABOUT THE ENTIRE SCRIPT )F ) RUN IT ON .OVEMBER THE
MOON IS ILLUMINATED WHICH MAKES IT A QUARTER MOON n
so the output is:
! FEW DAYS LATER ON .OVEMBER THE OUTPUT IS WHAT YOU WOULD HOPE
Creeping Featurism
9OU COULD DO PLENTY OF THINGS WITH THIS SCRIPT TO IMPROVE IT AND MAKE IT
MORE POWERFUL AND FLEXIBLE 4HE EASIEST WOULD BE SIMPLY TO REWRITE THAT
output line so its less grammatically awkward:
Now the output will make a bit more sense as the script reports
THAT h)TS A WANING GIBBOUS MOON THATS ILLUMINATEDv
4HE BIGGER TASK IS TO ALLOW USERS TO SPECIFY A DATE AND CALCULATE THE
VALUES FOR THAT PARTICULAR DATE INCLUDING THE DAY PRIOR TO THE DATE
SPECIFIED ) WOULD DO THIS USING THE SAME BASIC date -v approach,
BUT FIRST PARSE USERS INPUT AND BREAK IT DOWN INTO MONTH DAY AND
year. For simplicitys sake, constrain their input to a MM/DD/YYYY
FORMAT AND THERES SURPRISINGLY LITTLE INVOLVED IN THE TASK
&OR HUGE BONUS POINTS OF COURSE A GRAPHICAL DISPLAY WOULD BE
NICE "UT THATS HARD TO DO WITH A SHELL SCRIPT RIGHT
Next Month
4HATS IT FOR SPACE .EXT MONTH )M PLANNING TO TURN BACK TO GAMES
and explore how to write a rock, paper, scissors game. You might
WANT TO STUDY THE GAME FIRST SO YOURE READY Q
RETURN TO CONTENTS
Orchestration
with KYLE RANKIN
Part II
Systems Administrator
in the San Francisco
Bay Area and the author
of a number of books,
Automate yourself out of a job with a few well including The Official
Users Group.
The Open-Source
Work the Shell
Classroom
Q 3ET A SHORT MAINTENANCE WINDOW FOR THE SERVER IN YOUR MONITORING SYSTEM
Q 4ELL YOUR LOAD BALANCERS TO DRAIN ANY EXISTING SESSIONS TO THIS SERVER
)F ANY OF THOSE STEPS FAILS THE ADMINISTRATOR WOULD STOP THE UPDATE
AND GO INVESTIGATE AND FIX THE PROBLEM /FTEN IF THERE IS GOING TO BE
A FAILURE IT WILL BE AT THE SOFTWARE
UPDATE OR HEALTH
CHECK PHASE AND
THE POINT OF THIS PROCESS IS TO MAKE SURE THAT IF AN UPGRADE DOESNT GO
WELL YOU STOP AT THE FIRST SERVER BEFORE PUSHING BROKEN SOFTWARE TO THE
REST OF THE ENVIRONMENT
4RADITIONALLY ADMINISTRATORS MIGHT PERFORM ALL OF THE ABOVE STEPS
MANUALLY BY LOGGING IN TO DIFFERENT SERVERS AND INTERACTING WITH
DIFFERENT WEB INTERFACES PERHAPS 4HE NEXT STEP THEY FOLLOW GENERALLY
INVOLVES WRAPPING A SERIES OF 33( COMMANDS THAT WOULD PERFORM THESE
ACTIONS INTO A SHELL SCRIPT AND THEN MAINTAIN SOME LOCAL CONFIGURATION
FILE THAT DEFINES LISTS OF SERVERS
7ITH -#OLLECTIVE THE PROCESS IS SIMILAR WITH THE MAIN DIFFERENCE
being that MCollective doesnt need to have SSH root privileges on
THESE MACHINES )NSTEAD -#OLLECTIVE PERFORMS ITS TASKS BY PUTTING A
LIMITED SET OF COMMANDS IN A JOB QUEUE THAT ALL OF THE SERVERS CHECK
4HE COMMANDS ARE RESTRICTED BY WHAT -#OLLECTIVE PLUGINS YOU HAVE
INSTALLED ON A PARTICULAR SERVER AND -#OLLECTIVE DOES A GOOD JOB OF
SANITIZING INPUT FROM THE PLUGINS IT INCLUDES BY DEFAULT
-OST OF THE ABOVE COMMANDS IN THAT DEPLOY LIST CAN BE COMPLETED
USING THE DEFAULT PLUGINS -#OLLECTIVE INCLUDES ) USE .AGIOS FOR
monitoring, and although MCollective does include a plugin that
LETS YOU PERFORM .20% COMMANDS A .AGIOS AGENT THAT RUNS ON EACH
server that allows Nagios to run local commands to check disk space,
2!- AND SO ON IT DOESNT INCLUDE ANYTHING THAT COULD DIRECTLY SET A
maintenance mode in Nagios.
!NOTHER MISSING PIECE IN THE ABOVE LIST OF COMMANDS IS THE ABILITY
to interact with a load balancer. Many people might skip this step
THESE DAYS AS THEY ARE USING SOMETHING LIKE NGINXS INTERNAL LOAD
balancing abilities and may not have an easy way to set something
like a maintenance mode to drain existing connections to a host. In
that case, you may just skip ahead to stopping the service and let the
HEALTH CHECK DETECT THE FAILURE 4HAT APPROACH RISKS DROPPING EXISTING
connections though, and because I use Haproxy as my load balancer,
) CAN USE ITS BUILT
IN COMMAND MODE TO SET A MAINTENANCE MODE ON
SPECIFIC SERVERS IF )M LOGGED IN TO THE LOAD BALANCER
Fortunately, MCollective has the ability to extend its existing set
OF COMMANDS WITH YOUR OWN CUSTOM PLUGINS TO PERFORM SPECIFIC
TASKS 5NFORTUNATELY WRITING PACKAGING AND DEPLOYING EVEN TRIVIAL
-#OLLECTIVE PLUGINS CAN BE A BIT COMPLICATED THE FIRST TIME YOU DO IT
AND ITS INVOLVED ENOUGH THAT IT WOULD REQUIRE AN ARTICLE ALL OF ITS OWN
MCollectives plugin documentation is a good place to start, and in
particular, the documentation on writing plugins that use MCollectives
20# FRAMEWORK MAKES THE CODE YOU HAVE TO WRITE MUCH MORE
STRAIGHTFORWARD EVEN IF YOU ARENT FAMILIAR WITH 2UBY
7HEN YOU WRITE A CUSTOM -#OLLECTIVE PLUGIN YOU CHOOSE A NEW PLUGIN
NAME SAY HAPROXY AND THEN DEFINE A LIST OF COMMANDS YOU WANT TO
PASS THAT NEW PLUGIN SUCH AS disable_server and enable_server
)F A COMMAND NEEDS SOME KIND OF ARGUMENT PASSED TO IT YOU ALSO
DEFINE THOSE 4HEN YOU MAP THOSE COMMANDS AND ARGUMENTS INTO BASIC
COMMAND
LINE COMMANDS USING THEIR 20# FRAMEWORK OR YOU CAN DIG IN
TO USING NATIVE 2UBY LIBRARIES IF YOU ARE FAMILIAR WITH THAT
I wrote a custom Nagios plugin and an Haproxy plugin that would
SEND MY CUSTOM COMMANDS TO THEIR COMMAND FILE AND COMMAND
SOCKET RESPECTIVELY 3O TO SET A MAINTENANCE MODE ON SERVEREXAMPLECOM
FOR .AGIOS AND (APROXY ) WOULD TYPE THESE COMMANDS
RETURN TO CONTENTS
My Love
Affair with
Synology
SHAWN
POWERS
Figure 1. The Synology DS1815+ is what I use, but the entire line of Synology NAS
devices shares a common interface.
Figure 2. The dashboard shows you information on your NAS at a glance. Im slowly
building my collection after the horrible data loss I suffered a few years ago.
PIRATING THINGS YOU DONT HAVE RIGHTS TO )TS OKAY IF YOU DISAGREE WITH MY
choice to download television shows via torrents, I get it. Really, I do. Just
IGNORE THOSE PARTS OF THIS ARTICLE
AT EXACTLY THE SAME TIME AND ) LOST ALL MY DATA INCLUDING FAMILY HOME
movies that I didnt have backed up anywhere. It still hurts. So really,
DONT SKIMP ON DRIVES ITS JUST NOT WORTH IT !LSO REMEMBER TO BACK UP
EVEN LARGE FILES 2!)$ ISNT A BACKUP TRUST ME
Why Synology?
)VE HAD $ROBOS 1.!0S AND MULTIPLE .ETGEAR DEVICES 4HEY ALL SUCKED
.O REALLY 4HE PERFORMANCE ON EVERY SINGLE DEVICE )VE HAD IN THE PAST
HAS BEEN HORRIBLE EVEN WITH GOOD DRIVES AND )VE NEVER BEEN ABLE TO
determine exactly why. Once more than one simultaneous read happens
OVER THE NETWORK THEY ALL JUST CRAP OUT 7ITH THE 3YNOLOGY ) CAN HAVE
FOUR P VIDEO STREAMS GOING AT ONCE WITHOUT ANY SLOWDOWN AT ALL
4HE OTHER THING ) LIKE ABOUT THE 3YNOLOGY IS ITS SOFTWARE -OST OTHER
NAS devices have apps that you can install on the Linux system, but the
3YNOLOGY APPS SEEM TO BE MORE ELEGANT AND WORK RELIABLY &IGURE )N
FACT THERE ARE SOME INCREDIBLE THINGS ) DO WITH THE .!3 DEVICE THAT )M
SURE WERENT EXACTLY WHAT IT WAS DESIGNED TO DO MORE ABOUT THAT IN A BIT
Figure 3. The apps are plentiful, and there are community-supported unofficial apps as well.
5LTIMATELY THE BIGGEST DRAW FOR ME IS HOW WELL 3YNOLOGY KEEPS ITSELF
updated and maintains its drives. It automatically does scans and integrity
checks, plus it does system updates without disrupting the servers I have
CONNECTED TO IT VIA .&3 %VERY OTHER .!3 )VE USED STAYS AT WHATEVER
SOFTWARE VERSION IT COMES WITH BECAUSE UPGRADING THE FIRMWARE ALMOST
ALWAYS MEANS DRIVE FAILURES AND SERVER LOCKUPS )M SURE THERE ARE
PROCEDURES FOR 1.!0 AND SUCH THAT MAKE UPGRADING POSSIBLE BUT THE
Synology does it automaticallyand I like that a lot.
TV and Torrents
I like the SickRage program not only because it automatically searches
AND DOWNLOADS NEW EPISODES OF MY TELEVISION SHOWS BUT ALSO BECAUSE
IT ORGANIZES MY EXISTING COLLECTION ) HAVE EVERY EPISODE OF Star Trek that
EVER HAS BEEN PRODUCED INCLUDING THE ANIMATED SERIES FROM THE S
AND 3ICK2AGE DOES AN INCREDIBLE JOB OF NAMING AND ORGANIZING THOSE FILES
As long as I spent ripping the Star Trek the Next Generation $6$S ) DONT
EVER WANT TO HAVE TO FIGURE OUT WHICH EPISODE IS WHICH AGAIN
In order to install SickRage, you actually need to install Sick Beard
#USTOMv AND THEN PASTE IN THE 3ICK2AGE 'IT 52, 4HE SHORT VERSION OF
the story is that Sick Beard was the original program, but the developer
STOPPED DEVELOPING IT SO FOLKS FORKED IT AND 3ICK2AGE IS THE BEST FORK OUT
THERE BY FAR %VEN IF YOURE NOT USING 3YNOLOGY YOU SHOULD BE RUNNING
SickRage. Head over to https://github.com/SickRage/SickRage FOR THE REPO
or http://sickrage.github.io FOR THE HOME PAGE
3ICK2AGE SUPPORTS LOTS OF TORRENT CLIENTS AND IT SUPPORTS .:" TOO
)VE FOUND .:" TO BE LESS RELIABLE THAN IT USED TO BE SO )VE MOVED
BACK TO TORRENTS ) LIKE THE 4RANSMISSION WEB INTERFACE SO THATS
what I use on Synology. Its another maintained app, so just search
FOR hTRANSMISSIONv IN THE PACKAGE INSTALLER APPLICATION )NTEGRATING
4RANSMISSION AND 3ICK2AGE IS BEYOND THE SCOPE OF THIS ARTICLE BUT
REST ASSURED ITS NOT DIFFICULT 3ICK2AGE IS DESIGNED TO WORK WITH
4RANSMISSION SO SETTING IT UP IS EASY Warning: IF YOU USE 3ICK2AGE
AND 4RANSMISSION TO DOWNLOAD TELEVISION SHOWS YOU will get DMCA
TAKE
DOWN NOTICES FROM YOUR )30 !PPARENTLY THE PRODUCTION COMPANIES
DISAGREE WITH MY RATIONALE FOR DOWNLOADING 46 EPISODES 4HANKFULLY
) HAVE A SOLUTION FOR THAT
Figure 4. Notice the gateway is in the 10.x.x.x range, which is not what I use on my local
network. That is assigned by the VPN.
Figure 5. This is the sneaky static route so I can connect to my VPN, but nothing else.
4HE 3YNOLOGY ALSO WILL ACT AS A ROUTER FORWARDING TRAFFIC 4HAT MEANS
I can point my Roku to the Synology as its gateway device, and Im
able to watch local blackout games on the MLB.tv app, because all the
TRAFFIC GOES THROUGH THE 60. 4HE ONLY CHANGE ) HAVE TO MAKE IS ON
my DHCP server, which gives the Synologys IP address as the Rokus
GATEWAY ADDRESS )T WORKS PERFECTLY AND SAVES ME SETTING UP ANOTHER
60. TO GET AROUND -,"S REGIONAL RESTRICTIONS (ONESTLY ) USUALLY
WATCH BASEBALL GAMES ON 4I6O BUT OCCASIONALLY THE GAME IS ON ONLY VIA
STREAMING AND ) LIKE HAVING THAT OPTION
Backups
2EMEMBER WHEN ) SAID 2!)$ WASNT A BACKUP 9EAH ) MEANT THAT )VE
lost too much valuable data through the years to depend on RAID to
PROTECT MY FILESEVEN WHEN THE DRIVES AND .!3 DEVICE SEEM TO BE
MORE SOLID THAN ANY )VE HAD IN THE PAST 4HANKFULLY 3YNOLOGY HAS A
FEW DIFFERENT BACKUP OPTIONS &IGURE 4HE MOST PRACTICAL ONE FOR
LARGE AMOUNTS OF DATA IS THE (YPER "ACKUP APP )T HAS THE ABILITY TO
COPY YOUR ENTIRE .!3 TO A VARIETY OF DESTINATIONS 7HETHER YOU CHOOSE
to buy another Synology NAS and store it in your shed or back up your
data to Amazon Glacier, the same Hyper Backup program can handle
the regular updates.
) DONT WANT TO PAY FOR !MAZON 3TORAGE EVEN THOUGH THE !MAZON
$RIVE 5NLIMITED IS DECENTLY PRICED AT YEAR ) WORRY THAT MY 4"
would cause Amazon to invent a reason to suspend my account. Plus,
it would take so long to back up my entire data store to the cloud,
that it literally might never get done. Right now, I just back up my
IRREPLACEABLE FILES HOME MOVIES PHOTOS AND SO ON 3OMEDAY ) HOPE TO
get a second Synology NAS and set up that mirror in the shed. Still,
3YNOLOGY HAS SO MANY BACKUP OPTIONS ITS HARD TO FIND A REASON TO
delay setting up a backup solution!
Things I Dont Do
4HE 3YNOLOGY HAD A DECENT PROCESSOR AND THE 2!- IS EVEN
UPGRADEABLE 3TILL ITS NOT A BEEFY SERVER WHEN IT COMES TO RESOURCE
hungry applications. For example, even though the Plex Media Server
is available in the package management system, Id never install it.
0LEX USES WAY TOO MUCH #05 TO TRANSCODE VIDEO STREAMS )M THANKFUL
THE 3YNOLOGY IS POWERFUL ENOUGH TO STREAM THE ACTUAL VIDEO FILES OVER
FILESHARES BUT THE THOUGHT OF TRANSCODING P -+6 STREAMS IN REAL
TIME )TS A BAD IDEA ) HAVE A STANDALONE SERVER ) USE FOR 0LEX -EDIA
3ERVER AND WHILE IT CAN TRANSCODE AT LEAST FOUR FULL RESOLUTION VIDEO
STREAMS ITS ALSO A HUGE I #05 WITH A BOATLOAD OF 2!- 5NLESS YOURE
DOING MINIMAL STREAMING WITH LOW
RESOLUTION VIDEO ) ENCOURAGE YOU TO
avoid Plex Media Server on any NAS device.
I also cant run the really amazing reverse proxy server on Synology.
4HE SETUP IS EASY AND THE CONFIGURATION IS VERY INTUITIVE BUT MY
60.NO
GATEWAY SETUP MEANS THAT THE REVERSE PROXY DOESNT WORK
OUTSIDE MY NETWORK %VEN IF ) FORWARD A PORT TO THE .!3 FROM MY
ROUTER IT TRIES TO SEND RESPONSES OUT THE 60. CONNECTION AND FAILS
2EVERSE PROXIES ARE EASY ENOUGH TO CONFIGURE ON ANY OTHER MACHINE
in my network, so its not a huge loss, but its worth noting that its
SOMETHING MY CRAZY 60. SYSTEM BREAKS
RETURN TO CONTENTS
V
V
PrestaShop
Helping people overcome the challenges of building and growing
an online business is what the PrestaShop open-source ecommerce
platform is all about. The significant PrestaShop 1.7 release provides
innovations focused on three themes: sell faster, create easier and
code better. PrestaShop 1.7 users will sell faster due to the entirely
redesigned UX that helps merchants with the daily management
of their stores via more effective back-office management and a
drastically reduced time to place products online. PrestaShop 1.7
users will create easier with new features like the starter theme, a
simple and flexible tool with all the functionality needed to design
the perfect store. The starter theme gives web designers significant
opportunity for creativity and customization. Finally, PrestaShop
1.7 users will code better with the incorporation of new tools and
standards, including the popular Symfony framework and PHP 7
compatibility. The goal is to improve site performance and code
security as well as to facilitate better development. PrestaShop
1.7 is already available in 25 languages and through community
crowdsourcing, it gradually will be available in many more.
http://prestashop.com
SoftMakers FlexiPDF
Editing PDFs is now as easy as word processing. This is SoftMakers
promise thanks to its new FlexiPDF 2017, a new PDF editor that
masters the creation of new PDF files as well as the editing
of text, graphics and drawings in existing ones. Available in
Standard and Professional versions, FlexiPDF goes far beyond
basic editing functions, empowering users to change almost any
aspect of PDF files. Just like in standard word processors, FlexiPDF
2017 offers an integrated track changes function, built-in spell
checker, commenting function, search and replace, highlighting
and exporting of PDFs to TextMaker, HTML, RTF, Microsoft Word
and EPUB formats. The integrated OCR function in FlexiPDF
converts scans into editable PDF files. FlexiPDF comes with its
own PDF printer driver that lets users create high-quality PDFs
directly from within any Windows application that can print.
FlexiPDF Professional is perfect for the translation of PDF files
into other languages. This is because it extracts the text of a PDF
document in a format that can be opened by common translation
programs. It then imports the translation back to the original PDF
documentin exactly the right spot.
http://flexipdf.com
Gordon H.
Williams
Making Things
Smart (Maker
Media, Inc.)
Pretty much anything in the
OReilly spin-off Make: series is like
catnip to us Linux cats, and the
new book Making Things Smart is
no exception. The book is subtitled
Easy Embedded ARM Programming
For Transforming Everyday Objects Into Intelligent Machines and
is authored by Gordon H. Williams. The book is Williams tool
for teaching readers the fundamentals of the powerful ARM
microcontroller by walking beginners and experienced users
alike through easily assembled projects composed of inexpensive,
hardware-store parts. In rebellion to the many current ARM
programming books that take a bland, textbook-ish approach with
focus on complex, beginner-unfriendly languagesthink C or ARM
AssemblerMaking Things Smart utilizes Espruino (JavaScript for
Hardware) to flatten the learning curve.
http://oreilly.com
RETURN TO CONTENTS
ONLINE PRIVACY
AND SECURITY
USING A
PASSWORD
MANAGER
Password managers make it easy to have unique user
names, unique email addresses and unique passwords for
each account. They also provide a secure store for
extra account details. Additional features like notes and
attachments allow you to use password managers as
secure escrow files like digital safety deposit boxes.
der.hans
NEXT
PREVIOUS
Feature: Low Power
V
V
New Products
Wireless: CoAP
I
NTERNET AND CLOUD COMPANIES DO NOT HAVE PERFECT SECURITY 9OURE ALL
FAMILIAR WITH LARGE
SCALE DATA THEFT FROM BIG CORPORATIONS !LTHOUGH
most enterprises do a great job considering the attacks against
them, you can do your part by protecting your own accounts.
)TS COMMON WISDOM TO USE A DIFFERENT PASSWORD FOR EACH ACCOUNT
"ETTER YET IS USING A UNIQUE EMAIL ADDRESS AS WELL $OING SO QUICKLY
BECOMES UNWIELDY HOWEVER SO YOU FIND YOU NEED AN EXTERNAL BRAIN
0ASSWORD MANAGERS FUNCTION WELL AS THIS EXTERNAL BRAIN AND CAN HELP WITH
MORE THAN JUST PASSWORDS 4HEY MAKE IT EASY TO HAVE UNIQUE ENTRIES FOR USER
NAMES EMAIL ADDRESSES SECURITY
QUESTION ANSWERS AND MUCH MORE
Figure 1. Password managers should have fields for record name, user name, website
and notes.
.OW YOU HAVE A UNIQUE USER NAME FOR YOUR BANK 4HE NEXT SOCIAL
MEDIA SITE THIEVES WILL HAVE TO FIGURE OUT BOTH YOUR USER NAME AND YOUR
password to attack your bank account.
5SE A UNIQUE EMAIL ADDRESS 2ATHER THAN CREATING A WHOLE NEW EMAIL
ACCOUNT YOU CAN LIKELY TAKE ADVANTAGE OF SUB
ADDRESSING
3OME EMAIL PROVIDERS HAVE SUB
ADDRESSING WHICH ALLOWS A SEPARATOR
CHARACTER AND THEN A TOKEN 7HEN DELIVERED THE EMAIL PROVIDER
IGNORES THE SEPARATOR CHARACTER AND THE TEXT AFTER IT &OR EXAMPLE
YOUVUCAPOB
MYBANK EXAMPLECOM WOULD BE DELIVERED TO
YOU EXAMPLECOM 3EE THE %MAIL 3UB
ADDRESSING SIDEBAR FOR MORE INFORMATION
5NIQUE EMAIL ADDRESSES MAKE IT HARDER FOR THIEVES TO SOCIAL
ENGINEER
companies, as they wont have your user name, whether or not its an
email address.
Since youre storing credentials in a password manager, you dont need
TO MEMORIZE OR EVEN SEE THEM )N FACT NOW YOUVE TURNED YOUR PASSWORD
MANAGER INTO A CREDENTIAL MANAGER HOLDING UNIQUE PASSWORDS UNIQUE
USER NAMES AND UNIQUE EMAIL ADDRESSES *UST A FEW PARAGRAPHS IN AND
youre already powering up!
5) Use more than four words for your password manager where backups
might be captured for long-term, offline attacks:
aMeisenbaer%tWiddle aGuamarina9dRovezpReamblezeSac
PASSWORD /PEN AND CLOSE IT THREE OR FOUR TIMES TO HELP YOU MEMORIZE
THE PASSWORD !FTER MINUTES DO THE CLOSE AND OPEN DANCE AGAIN THEN
make sure you test it the next morning as well. Forgetting that password
IS THE SAME AS LOSING THE FILETHE DATA IS UNAVAILABLE
4O ADD A NEW ENTRY EITHER CLICK THE KEY ICON WITH THE GREEN ARROW OR
THE %NTRIESA!DD .EW %NTRY DROP
DOWN MENU 4HE DROP
DOWN SHOWS A
THIRD OPTION THE #TRL
N SHORTCUT
+EE0ASS8 CAN AUTOGENERATE PASSWORDS )N ADDITION TO SPECIFYING
character groups like upper and lowercase letters, numbers and special
CHARACTERS YOU CAN CHOOSE LENGTH AND EXCLUDE LOOK
ALIKE CHARACTERS SUCH
)N ADDITION TO THE NOTES FIELD +EE0ASS8 X HAS FIELDS FOR ADDITIONAL
ATTRIBUTES 4HE LATTER IS A BETTER PLACE FOR STORING SECURITY QUESTIONS AND
ANSWERS !LTHOUGH BOTH FIELDS DISPLAY THE VALUES IN PLAIN TEXT THE DEFAULT
SCREEN DOES NOT SHOW ADDITIONAL ATTRIBUTES AND THERES A DROP
DOWN
menu to use them.
!DDITIONAL ATTRIBUTES CAN BE FOUND IN THE !DVANCED SECTION FOR AN
ENTRY 4O COPY THEM USE THE %NTRIES DROP
DOWN SELECT #OPY !TTRIBUTE
to Clipboard, then select the attribute you want.
For securely copying a secret, its important to keep it hidden and
KEEP IT SAFE 4HE PASSWORD STAYS HIDDEN BECAUSE IT ISNT DISPLAYED
)TS KEPT SAFE BECAUSE IT EXPIRES OUT OF THE CLIPBOARD "Y DEFAULT THE
CLIPBOARD IS CLEARED AFTER TEN SECONDS
Q Clipboard clearing.
Q Password generation.
AND ANYTHING ELSE YOUR FAMILY MIGHT NEED SHOULD YOU NO LONGER BE
AVAILABLE +EE0ASS8 ALSO CAN STORE ATTACHMENTS .OW YOU HAVE A DATA
escrow manager. Power up.
! CREDENTIAL MANAGER SHOULD LIBERALLY ALLOW TEXT FOR THE MASTER
PASSWORD +EEP0ASS FILES DO !S EXPECTED +EE0ASS ACCEPTS SPECIAL
CHARACTERS )N FACT WHEN ) GIVE PRESENTATIONS ON +EE0ASS8 ) OFTEN
DEMO UNLOCKING A +EE0ASS FILE WITH CUT AND PASTE OF 0ERL AND SHELL
script snippets.
+EE0ASS8 HAS AN !UTO
4YPE FEATURE THAT WILL LOG YOU IN TO
A WEBSITE WITH ONE HOT KEY #TRL
V !LTHOUGH OTHER PEOPLE
LIKE !UTO
4YPE FEATURES ) FIND IT TOO EASY TO MIS
CLICK AND
PASTE MY CREDENTIALS IN THE WRONG PLACE %VENTUALLY ) DO GET IT
RIGHT USUALLY LONG BEFORE hUSERTWYIM#IJ
FSF EXAMPLECOM
Z&S::W%H&(2G9F-#21P79.$84WRS1HKY,v STARTS
trending in Google searches.
+EE0ASS FILES ALSO SUPPORT AN EXPIRATION DATE FOR PASSWORDS AND
+EE0ASS8 PROVIDES PRESET TIME PERIODS LIKE THREE AND SIX MONTHS /NCE
THE ENTRY EXPIRES +EE0ASS8 MARKS IT WHEN VIEWING THE GROUP AS A
reminder to change the password.
+EE0ASS ALLOWS YOU TO ACCESS PREVIOUS VERSIONS OF AN ENTRY VIA ITS HISTORY
FEATURE )TS NOT QUITE REVISION CONTROL BUT ITS STILL HANDY
)TS ALSO HANDY TO PROVIDE A MEANS OF LIVE SECURITY AND AUTHENTICITY TESTING
For instance, LastPass is an online commercial password manager
WITH A HISTORY OF QUICKLY RESPONDING TO NEEDS &OR EXAMPLE SHORTLY AFTER
(EARTBLEED WAS ANNOUNCED ,AST0ASS INTEGRATED A CHECK TO VERIFY THE
DESTINATION WEBSITE DID NOT HAVE THE (EARTBLEED BUG BEFORE SENDING
CREDENTIALS )T ALSO DOES SOME VERIFICATION TO MAKE SURE YOURE CONNECTING
to the actual site rather than some phishing site.
,AST0ASS IS MOSTLY BROWSER
BASED 4HE COMPANY ALSO PROVIDES A
COMMAND
LINE TOOL WITH SOURCE AVAILABLE AND A PERUSAL OF SEVERAL FILES
YIELDED '0,V OR LATER LICENSING
LastPass does encryption and password creation on the client side,
so the company never has access to your unencrypted data. It shares
credentials by encrypting on the client side with the recipients public key.
Again, LastPass doesnt see unencrypted credentials.
,AST0ASS ALSO ADVERTISES A FEATURE THAT ALLOWS THE OTHER PERSON TO USE
the credentials without seeing them. Although LastPass cant view the
UNENCRYPTED DATA ITS FAIRLY EASY FOR THE RECIPIENT TO CAPTURE THE HIDDEN
PLAIN
TEXT PASSWORD
3EE THE 0ASSWORD -ANAGERS SIDEBAR FOR A LIST OF FREE SOFTWARE
password managers.
)F YOU PREFER PASSWORD GENERATION AND PASSWORD STORAGE TO COME FROM
DIFFERENT APPLICATIONS THE 'ENERATING 2ANDOM 4EXT SIDEBAR HAS SOME
IDEAS FOR CREATING YOUR OWN RANDOM STRINGS Q
der.hans is a free software, technology and entrepreneurial veteran. His roles have included director of
engineering, engineering manager, IS manager, community college instructor, developer, DBA and his
favorite, system administrator. He is also now a repeat author for Linux Journal. In his free time, der.hans
endeavors to help build the Free Software community through user group and conference leadership.
He is chairman of the Phoenix Linux User Group (PLUG), BoF organizer for the Southern California Linux
Expo (SCaLE) and founder of the Free Software Stammtisch. He's currently supprting manufacturing in
the US as a senior engineer at Shutterfly.
RESOURCES
KeePassX Licensing: https://github.com/keepassx/keepassx/blob/master/COPYING
LastPass: https://www.LastPass.com
RETURN TO CONTENTS
Here are some methods that are more efficient and less scratchy than trying
to train your cat to work on demand:
$ uuidcdef -u
A feature of this method is that one master password can derive any site
password without saving anything to disk. Theres even a tool to help with that:
One problem with derive-on-the-fly is that you dont have per-site random text.
passwordmaker does allow using an unencrypted configuration file.
EMAIL SUB-ADDRESSING
Sub-addressing augments your email address by inserting tokens. It turns
one email address into as many as you want.
A separator character is placed after the user name portion of an email address,
and then you can add a token, <username><character><token>@<domain>.
You decide on the token.
Tokens can protect your accounts as listed in the article and also filter
email. For instance, phishers like to send fake eBay mail. Its not eBays
fault, but its a popular target. With an eBay token, you know that email
without the token, user+pl8qr-ebay@example.com for instance, isnt from
eBay and can be trashed automagically.
Q Gmail: +
Q FastMail.FM: +
Q Kolab: +
Q Yahoo!: -
EMAIL SUB-ADDRESSING
ON YOUR OWN SMTP SERVER
Some common SMTP servers and their default separator characters are:
Q Postfix: +
PASSWORD MANAGERS
Many free software password managers are available:
Q +EE0ASS8 https://www.keepassx.org
Q KeePassDroid: http://www.keepassdroid.com
Q kpcli: HTTPKPCLISOURCEFORGENET
Q KeePass: HTTPWWWKEEPASSINFO
Q pass: https://www.passwordstore.org
Q PWMAN HTTPSPWMANGITHUBIOPWMAN
KDE and GNOME have built-in password managers, and there are web
browser plugins.
LOW POWER
WIRELESS:
CoAP
This article concludes the series on 6LoWPAN by looking
at the application layer: device description using CoRE Link
Format, data formats using CBOR and REST APIs. Although
these are only one set of choices, they are emerging as the
principal choices for low power devices. I use Python to
illustrate these, but many other languages are possible.
JAN NEWMARCH
PREVIOUS
Feature: Online Privacy NEXT
V
V
I
N MY PREVIOUS TWO ARTICLES SEE THE .OVEMBER AND $ECEMBER
ISSUES OF LJ ) DESCRIBED SETTING UP A ,O70!. NETWORK AND THEN
integrating that into the internet so that the low power sensor/
ACTUATOR NODES CAN TALK TO INTERNET HOSTS AND VICE VERSA 4HIS IS
ONE OF THE MAJOR MECHANISMS CURRENTLY PROPOSED FOR BRINGING THE
)NTERNET OF 4HINGS )O4 TO LIFE
Once you have established a communications pathway, however, you
need to look at how you are going to use that pathway to exchange
INFORMATIONSPECIFICALLY THE PROTOCOLS AND THE DATA TYPES 4HE
CURRENTLY FAVORED PROTOCOLS ARE -144 -1 4ELEMETRY 4RANSPORT AND
#O!0 #ONSTRAINED !PPLICATION 0ROTOCOL AND THEY EACH FILL DIFFERENT
ROLES -144 IS A MESSAGING SYSTEM USING PUBLISHSUBSCRIBE WHICH HAS
BEEN ADAPTED FOR LOW POWER DEVICES #O!0 IS SIMILAR TO AND BASED
ON (440 BUT IS HEAVILY OPTIMIZED FOR LOW POWER DEVICES 4HIS ARTICLE
FOCUSES ON #O!0
CoAP
4HE 7ORLD 7IDE 7EB IS BUILT ON THE (440 PROTOCOL 4HIS IS A TRADITIONAL
CLIENTSERVER MODEL WHERE CLIENTS CONNECT TO A SERVER OVER 4#0 AND MAKE
REQUESTS OF THE SERVER WHICH IN TURN PREPARES REPLIES AND DELIVERS THEM TO
THE CLIENT 4HE OUTSTANDING SUCCESS OF THE 7EB HAS LED TO THIS BEING USED
AS THE MODEL FOR #O!0 WITH THE FOLLOWING APPROPRIATE CHANGES
Q (440 DOES NOT ALLOW MESSAGES TO BE SENT FROM THE SERVER TO CLIENTS
SO #O!0 HAS ADDED A MECHANISM FOR THIS 4HIS IS COMING INTO (440
through server push mechanisms.
REST
2%34 2%PRESENTATIONAL 3TATE 4RANSFER IS THE PHILOSOPHY BEHIND (440
DESCRIBED BY 2OY &IELDING THE PRINCIPAL (440 ARCHITECT IN HIS 0H$
THESIS )N A HORRIBLY EMASCULATED FORM HE SAYS THAT RESOURCES ARE
IDENTIFIED BY 52)S SUCH AS 7EB 52,S AND RESOURCES ARE ACCESSED
USING ONLY FOUR VERBS '%4 054 0/34 AND $%,%4% WITH DEFINED
MEANINGS ALTHOUGH WHEN TO USE 054 AND WHEN TO USE 0/34 IS STILL
DEBATED 4HESE DEFINITIONS ARE
Q 054 SET A NEW VALUE FOR A RESOURCE &OR A HEATING SYSTEM IT COULD BE
setting a new temperature value.
Q 0/34 USUALLY USED TO CREATE A NEW RESOURCE AND POSSIBLY OF LIMITED USE
FOR SENSORS AND ACTUATORS
coap://[fd28::2]/temperature
USING THE GLOBAL )0V ADDRESS YOU SET ON THE hSENSORv 20I IN THE
#!/usr/bin/env python3
import asyncio
from aiocoap import *
@asyncio.coroutine
def main():
protocol = yield from Context.create_client_context()
request = Message(code=GET)
request.set_request_uri('coap://[fd28::2]/temperature')
try:
response = yield from protocol.request(request).response
except Exception as e:
print('Failed to fetch resource:')
print(e)
else:
print('Result: %s\n%r'%(response.code,
response.payload.decode('utf-8')))
if _ _name_ _ == "_ _main_ _":
asyncio.get_event_loop().run_until_complete(main())
4HE SERVER USES THE ASYNCHRONOUS )/ PACKAGE ASYNCIO !GAIN YOU CAN
IGNORE THE DETAILS OF THIS 4HE IMPORTANT THING IS TO ADD resources that can
BE ACCESSED BY #O!0 USER AGENTS CLIENTS 9OU ADD A NEW RESOURCE WITH
root.add_resource(('temperature',), TemperatureResource())
WHICH SETS THE 52)
0ATH TEMPERATURE OF THE RESOURCE ON THIS HOST AND
A CLASS TemperatureResource TO BE INVOKED WHEN THE RESOURCE IS
REQUESTED !NY NUMBER OF RESOURCES CAN BE ADDED SUCH AS PRESSURE
motion and so on, each with their own class handler.
4HE HANDLING CLASS IS THE MOST COMPLEX AND THERE ARE MANY POSSIBILITIES
4HE SIMPLEST WILL SUBCLASS FROM aiocoap.resource.Resource
and will have a method render_get , which is called when a GET FOR
A REPRESENTATION OF THE RESOURCE IS NEEDED &OR THE EXAMPLE SENSOR
THIS GETS THE #05 TEMPERATURE AS BEFORE AND THEN WRAPS IT INTO AN
aiocoap.Message . Heres the server code:
#!/usr/bin/env python3
import asyncio
import aiocoap.resource as resource
import aiocoap
from subprocess import PIPE, Popen
class TemperatureResource(resource.Resource):
def _ _init_ _(self):
super(TemperatureResource, self)._ _init_ _()
@asyncio.coroutine
def render_get(self, request):
process = Popen(['vcgencmd', 'measure_temp'], stdout=PIPE)
output, _error = process.communicate()
return aiocoap.Message(code=aiocoap.CONTENT, payload=output)
def main():
# Resource tree creation
root = resource.Site()
root.add_resource(('temperature',), TemperatureResource())
asyncio.async(aiocoap.Context.create_server_context(root))
asyncio.get_event_loop().run_forever()
if _ _name_ _ == "_ _main_ _":
main()
4HE OUTPUT FROM RUNNING THE CLIENT AGAINST THIS SERVER IS SIMILAR TO THIS
as in previous examples.
Data Formats
(440 HAS MECHANISMS TO QUERY AND TO SPECIFY DATA FORMATS &OR (440 THIS
is managed by Content Negotiation, and this idea is carried across into
#O!0 A CLIENT CAN REQUEST PARTICULAR DATA FORMATS WHILE THE SERVER MAY
HAVE PREFERRED AND DEFAULT FORMATS
{
"temperature" : 37.9,
"units" : 'C'
}
#"/2 TRANSLATES THIS INTO A BINARY FORMAT WHICH MAY BE MORE CONCISE
4O USE #"/2 FIRST YOU NEED TO INSTALL IT 0YTHON PACKAGES NORMALLY
are installed using pip , and the RPi does not come with this installed.
So install both it and the cbor MODULE NOTE THAT YOU WANT THE 0YTHON
VERSIONS
CONTENT_FORMAT_CBOR = 60
class TemperatureResource(resource.Resource):
def _ _init_ _(self):
super(TemperatureResource, self)._ _init_ _()
@asyncio.coroutine
def render_get(self, request):
process = Popen(['vcgencmd', 'measure_temp'], stdout=PIPE)
output, _error = process.communicate()
list = re.split("[='\n]", output.decode('utf-8'))
dict = {'temperature' : float(list[1]), 'unit' : list[2]}
mesg = aiocoap.Message(code=aiocoap.CONTENT,
payload=cbor.dumps(dict))
mesg.opt.content_format = CONTENT_FORMAT_CBOR
return mesg
request = Message(code=GET)
request.set_request_uri('coap://[fd28::2]/temperature')
try:
response = yield from protocol.request(request).response
except Exception as e:
print('Failed to fetch resource:')
print(e)
else:
if response.opt.content_format == CONTENT_FORMAT_CBOR:
print('Result: %s\n%r'%(response.code,
cbor.loads(response.payload)))
else:
print('Unknown format')
Device Descriptions
4HE CODE ABOVE IS FINE FOR INTERACTING WITH A TEMPERATURE SENSORONCE
YOU KNOW WHAT THAT IS 9OU MAY HAVE HUNDREDS OF SENSORS OF DIFFERENT
TYPES AND ALL YOU MAY KNOW IS THEIR )0V ADDRESS 4O COMPLETE THIS YOU
NEED TO KNOW THE FOLLOWING
Q 7HAT ARE THE SPECIAL VALUES FOR YOUR SENSOR FOR EXAMPLE MAX
AND MIN TEMPERATURES
Q (OW DO YOU KNOW HOW THE #O!0 REQUESTS INTERACT WITH YOUR DEVICE
!T THE MOMENT THERE ARE NO INDUSTRY
AGREED
UPON ANSWERS TO THOSE QUESTIONS
/NE COULD SAY THAT UNFORTUNATELY THIS IS ANOTHER OF THE DIFFERENTIATORS IN THE
)O4 WORLD 4HE )%4& IN 2&# AND 2&# HAS MADE SOME PROGRESS BUT
THERE ARE STILL OPEN ISSUES AND THEY ARE NOT UNIFORMLY ADOPTED
&ROM 2&# EACH DEVICE SHOULD HAVE A 52)
PATH OF WELL
KNOWNCORE
WHICH CAN BE ACCESSED BY AN (440 GET coap://<IPv6-addr>/
.well-known/core REQUEST 2&# SPECIFIES THAT THE REPRESENTATION
MUST BE IN #O2% ,INK &ORMAT WHICH ) WILL DESCRIBE SOON
4WO NEW LINK ATTRIBUTES ARE ADDED TO THE STANDARD 7EB LINK HEADERS OF
RFC 5988, such as title 4HE NEW ATTRIBUTES ARE THE FOLLOWING
INTERFACE FOR THE DEVICETHAT IS HOW TO CALL IT USING GET , PUT and so on,
AND WHAT IS RETURNED FROM THOSE CALLS (OW AN INTERFACE IS DESCRIBED ISNT
SPECIFIED BY 2&# !LTHOUGH POSSIBLY USING 7!$, 7EB !PPLICATION
$ESCRIPTION ,ANGUAGE IS SUGGESTED THE /PEN #ONNECTIVITY &OUNDATION
USES 2!-, 2%34FUL !0) -ODELING ,ANGUAGE AND THE 7IKIPEDIA PAGE ON
2%34FUL !0)S LISTS A DOZEN MORE PROBABLY USED BY SOME GROUP OR OTHER
)NVESTIGATING 2%34 !0) LANGUAGES IS BEYOND THE SCOPE OF THIS ARTICLE SO
lets just assume the well known core resource has a value like this:
</temperature>;rt="jan.newmarch:temperature-sensor";
if="https://jan.newmarch.name/temperature-sensor"
</.well-known/core>; ct=40,
</temperature>;
if="https://jan.newmarch/temperature-sensor";
rt="jan.newmarch.name:temperature-sensor"
Conclusion
4HIS SERIES HAS ADDRESSED THE ISSUES OF SETTING UP A ,O70!. LOW POWER
WIRELESS NETWORK USING THE /PEN,ABS RADIOS ON 2ASPBERRY 0IS FOLLOWED
BY BRINGING THESE DEVICES INTO INTERNET VISIBILITY 4HIS CONCLUDING ARTICLE
LOOKS AT DATA FORMATS AND PROTOCOLS FOR THE )O4
-ANY TOPICS HAVE BEEN OMITTED 4HE MAJOR ONE IS THAT OF SECURITY
as the system I have described here is wide open to snooping and
HACKING 4HE SECURITY MECHANISMS ARE ALL THERE BUT THEY ARE A FULL TOPIC
in their own right.
) ALSO HAVE IGNORED THE ISSUE OF HOW EXTERNAL CLIENTS FIND THE )0
ADDRESSES OF THE CLIENTS 4HIS IS ANSWERED BY INTERNET DRAFT h#O2% 2ESOURCE
$IRECTORY DRAFT
IETF
CORE
RESOURCE
DIRECTORYv HTTPSTOOLSIETFORGHTML
DRAFT
IETF
CORE
RESOURCE
DIRECTORY
) HAVENT ADDRESSED NETWORKING WITHIN A ,O70!. NETWORK 4HERE
ARE A VARIETY OF MODELS SUCH AS MESH NETWORKING AND THEY BUILD ON
THE )%%% NETWORKING MODEL
&INALLY ) HAVENT MENTIONED OTHER PIECES OF HARDWARE DEALING WITH
)%%% AND ,O70!. 4HESE INCLUDE MODULES FROM 4EXAS
)NSTRUMENTS &IREFLY AND ,IBELIUM WITH MANY OTHERS COMING ALONG Q
Jan Newmarch has been using Linux since kernel 0.96. He has written many books and papers about
software engineering, network programming, user interfaces and artificial intelligence, and he is
currently digging into the IoT. He is in charge of ICT degrees at Box Hill Institute and Adjunct Professor
at the University of Canberra.
RETURN TO CONTENTS
)F YOU FEEL A BIT OVERWHELMED DONT WORRY 4HIS GUIDE LAYS OUT THE VARIOUS
DATABASE OPTIONS AND ANALYTIC SOLUTIONS AVAILABLE TO MEET YOUR APPS UNIQUE NEEDS
9OULL SEE HOW DATA CAN MOVE ACROSS DATABASES AND DEVELOPMENT LANGUAGES SO YOU CAN WORK IN YOUR FAVORITE
ENVIRONMENT WITHOUT THE FRICTION AND PRODUCTIVITY LOSS OF THE PAST
Sponsor: IBM
> https://geekguide.linuxjournal.com/content/field-guide-world-modern-data-stores
$EVELOPERS AND )4 ALIKE ARE FINDING IT DIFFICULT AND SOMETIMES EVEN IMPOSSIBLE TO QUICKLY INCORPORATE ALL OF THIS DATA INTO
THE RELATIONAL MODEL WHILE DYNAMICALLY SCALING TO MAINTAIN THE PERFORMANCE LEVELS USERS DEMAND 4HIS IS CAUSING MANY TO
LOOK AT .O31, DATABASES FOR THE FLEXIBILITY THEY OFFER AND IS A BIG REASON WHY THE GLOBAL .O31, MARKET IS FORECASTED TO
NEARLY DOUBLE AND REACH 53$ BILLION IN
Sponsor: IBM
> https://geekguide.linuxjournal.com/content/why-nosql-your-database-options-new-non-relational-world
2UN+EEPERgS INITIAL DATABASE 0OSTGRE31, FAILED TO PROVIDE THE REQUIRED SPEED AND SCALE 0ARTNERING
WITH )"- 2UN+EEPER TRANSFORMED USING )"- #LOUDANTgS $EDICATED #LUSTER AS ITS NEW DATA LAYER
h7E WERE IMPRESSED BY THE WEALTH OF EXPERIENCE THAT THE )"- TEAM WAS ABLE TO DRAW ON TO ADAPT THE SOLUTION TO MEET
OUR BUSINESS NEEDSv SAYS *OE "ONDI #4/ AND #O
FOUNDER OF 2UN+EEPER
Sponsor: IBM
> https://geekguide.linuxjournal.com/content/run-keeper-case-study
4HE 3TATE OF $"AA3 2EPORT COMMISSIONED BY )"- ASSESSED THE BUSINESS AND TECHNICAL IMPACT OF DATABASE
AS
A
SERVICE $"AA3 AS IDENTIFIED BY EXECUTIVE AND TECHNICAL ENTERPRISE USERS AND FOUND THAT DEVELOPERS ARE SAVING A
SUBSTANTIAL AMOUNT OF TIME AFTER ADOPTING $"AA3 !LL OF THOSE SURVEYED WERE USING A MANAGED .O31, DATABASE SERVICE
ACROSS A VARIETY OF INDUSTRIES INCLUDING INSURANCE HEALTHCARE GAMING RETAIL AND FINANCE
Sponsor: IBM
> https://geekguide.linuxjournal.com/content/2016-state-dbaas-report-how-managed-services-are-transforming-
database-administration
3PONSOR 6IVID#ORTEX
> https://geekguide.linuxjournal.com/content/essential-guide-queueing-theory
3PONSOR 6IVID#ORTEX
> https://geekguide.linuxjournal.com/content/sampling-stream-events-probabilistic-sketch
Debugging
Democracy DOC SEARLS
Lets start by making news reality-based again.
Doc Searls is Senior
Editor of Linux Journal.
He is also a fellow with
PREVIOUS the Berkman Center for
Feature:
V
Y
ou had to be a crank to insist on being
right. Being right was largely a matter of
explanations. Intellectual man had become
an explaining creature. Fathers to children, wives to
husbands, lecturers to listeners, experts to laymen,
colleagues to colleagues, doctors to patients,
man to his own soul, explained. The roots of this,
the causes of the other, the source of events,
the history, the structure, the reasons why. For
the most part, in one ear out the other. The soul
wanted what it wanted. It had its own natural
knowledge. It sat unhappily on superstructures of
explanation, poor bird, not knowing which way to
fly.Saul Bellow, Mr. Sammlers Planet
I began writing this column on November 9,
ON THE BALCONY OF A HOTEL IN )STANBUL WHILE
a call to prayer echoed through the streets below.
) TOOK THAT AS GOOD ADVICE BECAUSE A FEW HOURS
Figure 1. Hillary Clinton and Donald Trumps Sentiment Maps for Five Swing States,
via Heartbeat AI
maps, together.
4RUMP WON ALL THOSE STATES (ELL SOMEBODY HAD TO "UT THE MAIN POINT
HERE IS THAT VOTERS DISLIKED BOTH CANDIDATESA LOT 4HEY SIMPLY DISLIKED
4RUMP LESS THAN THEY DISLIKED #LINTONNOT THAT THEY ACTUALLY LIKED 4RUMP
4HIS KIND OF STUDY DOESNT SHOW A MANDATE BUT IT DOES SUGGEST CAUTION
BEFORE SUGGESTING THAT A VICTORY BY EITHER PARTY CONSTITUTED A MANDATE OF
any kindor should, anyway.
)T ALSO MAKES ONE WONDER HOW VOTERS CAME TO FEEL THE WAY THEY DID
ABOUT THE CANDIDATES 4O WHAT DEGREE ARE THOSE FEELINGS ATTACHED TO
3COTT WAS RIGHT AND THAT SURELY MAKES 4RUMP A MUCH MORE
INTERESTING CASE STUDY THAN #LINTON WHOSE ONLY QUOTABLE LINE DURING
THE WHOLE CAMPAIGN WAS hBASKET OF DEPLORABLESv (ER RELATIVELY
BLAH PUBLIC PERSONA ALSO MADE HER A DRESSMAKERS DUMMY FOR EVERY
ADJECTIVAL CHARACTERIZATION 4RUMP CHOSE TO CLOTHE HER IN JUST AS HE
HAD DONE WITH THE MOST THREATENING OF THE 2EPUBLICAN OPPONENTS
HE KNOCKED OFF IN THE PRIMARIES EXAMPLES hLOW
ENERGY *EBv hLITTLE
-ARCOv hLYIN 4EDv ,OOKING AT THE (EARTBEAT !) RESEARCH IT SEEMS
THE ONE THAT STUCK IN THE FINAL ROUND WAS h#ROOKED (ILLARYv
4HE HIGH DEGREE TO WHICH 4RUMP WAS DISLIKED EVEN BY PEOPLE
WHO VOTED FOR HIM IS NOWHERE IN ANY OF THE PREVAILING NARRATIVES IN
ELECTION COVERAGE WHETHER BY WHATS LEFT OF MAINSTREAM MEDIA OR
BY THE MILLIONS YAKKING ABOUT IT ON &ACEBOOK AND 4WITTER )NSTEAD
7 IKIPEDIA HTTPSENWIKIPEDIAORGWIKI)NFLUENCER?MARKETING
4HE COOL NEUTRAL PROFESSIONAL STYLE IN JOURNALISM SAYS GET BOTH SIDES
AND DECIDE FOR YOURSELF 4HE HOTTER MORE PARTISAN PRESS SAYS DECIDE FOR
YOURSELFWHICH SIDETHEN GO GET INFORMATION 4HE WEBLOG DOESNT
WANT TO BE EITHER OF THESE BUT IT CHECKS AND IT BALANCES BOTH
KING OF WHAT WE MIGHT CALL THE hNEWSTREAMv MEDIA #RAIG DID A BUNCH
OF RESEARCH MOST DRAMATICALLY REPRESENTED BY THE GRAPHIC SHOWN IN
&IGURE
I could go on, but Id rather not, since by now Ive spent more time
ON THIS PIECE THAN ON ANYTHING )VE WRITTEN HERE IN MANY YEARS !ND
)VE BEEN DOING THAT SINCE
Heres the Linux connection: we need to hack news back in a
logical direction, and away from the fact-free, misleading and
emotion-stirring ways that news is made today 4HE MAINSTREAM
MEDIA IS BEYOND FIXING 3O IS THE NEWSTREAM MEDIA SO LONG AS IT
REMAINS DEPENDENT ON SURVEILLANCE
BASED ADVERTISING CLICKBAIT AND
FAKE NEWS OF ITS OWN
) DONT KNOW HOW WE DO THAT BUT WEVE HACKED THE WORLD BEFORE
WITH FREE SOFTWARE ,INUX AND OPEN SOURCE JUST TO NAME THE "IG 4HREE
4IME TO DO IT AGAIN Q
RETURN TO CONTENTS
ADVERTISER INDEX
Thank you as always for supporting our advertisers by buying their products!
GEEK GUIDE
Its no accident or mere passing fad that few blades to full data centersknows
containers are revolutionizing how IT that bare-metal server deployments are
shops of all sizes do their work. Whether costly, time-consuming and not very
youre looking to make better use of efficient. Even if you could still afford it,
existing data-center resources or improve the idea of running one or two services
portability to the cloud, Docker and on a single physical servermaybe a
the new-found freedom it offers to use database here, a website thereis just
virtual environments for everything from not practical. Even if youre the best
development to enterprise applications system administrator out there, you
holds a lot of promise. can really make only educated guesses
The challenge is figuring out how best about the maximum amount of CPU,
to move beyond a standard Docker install memory and storage a particular service
to an enterprise-worthy solution thats will need over time. Once you do the
secure, easy to manage and scalable. Its math and purchase the hardware, you
also important to find ways to manage all know there surely will be hours, days
your containers easily as well as the images and weeks when your physical servers
you modify and plan to reuse. After all, capacity is idle and of no use to you.
containers are only part of any enterprise, Virtual machines changed all that
which is now a healthy mix of bare-metal by enabling more efficient use of that
boxes, virtual machines, containers and same physical servers resources by
on- and off-premises clouds. Tools that can sharing them across separate instances
help provide a common frameworkand of Linux and Windows servers. With
familiar interfacesare critical. the advent of VMware and Hyper-V and
With SUSE Enterprise Linux Server open-source KVM and Xen, suddenly
12 and the tools it offers, you and your you could place multiple servers on
team can begin to solve real-world a single physical box, quickly move
problems, tame the Docker life cycle, them between clusters, more easily run
and create, run and maintain containers backups and restores, clone them and
at nearly any scale. manage them all from a single interface.
Go to http://drupalize.me and
get Drupalized today!