Quantum reflections of a winter evening

 

A problem of interpretation?

December 14th, 1900 is known as the date of birth of quantum physics. In fact, that day Max Planck presented his report to the German Physical Society in Berlin, in which he argued that the exchange of energy in the phenomena of emission and absorption of electromagnetic radiation occurs in discrete form, not in continuous form as claimed by electromagnetic classic theory.

It was like opening a door to a new universe, that of subatomic particles. In a few decades it was learned that the basis of the strength of the real world around us (people, objects, plants, animals, etc.) is a joyful swarm of tiny particles distributed in clouds of probability, essentially surrounded by empty space. A shocking and apparently incomprehensible reality for the man of the ‘900: how could that still solid rock actually contain billions of microscopic “objects” in motion?

With the passing of the years, the road was covered deeper and deeper, revealing ever smaller particles for which new unknown names were coined: Leptons, Gluons, Quarks, Neutrinos, Fermions, Bosons, and so on until…

<Read More…>

Filling old bottles with new wine

 

They are filling old bottles with new wine!” This is what the physicist Werner Heisenberg heard exclaiming by his friend and colleague Wolfgang Pauli who, criticizing the approach of the scientists of the time, believed that they had been forcibly glued the notion of “quantum” on the old theory of the planetary-model of Bohr’s atom. Faced with the huge questions introduced by quantum physics, Pauli instead began to observe the new findings from a different point of view, from a new level of reality without the constraints imposed by previous theories.

Newton himself, once he theorized the law of the gravitational field, failing to place it in any of the physical realities of the time, he merely…

<Read More...>

A WordPress Plugin to list posts in complex nested websites

 

List all posts by Authors, nested Categories and Titles is a WordPress Plugin I wrote to fix a menu issue I had during a complex website development. It has been included in the official WordPress Plugin repository. The Plugin is particularly suitable to all multi-nested categories and multi-authors websites handling a large number of posts and complex nested category layout (i.e.: academic papers, newpapers articles, etc). This plugin allows the user to place a shortcode into any page and get rid of a long and nested menu/submenu to show all site’s posts. A selector in the page will allow the reader to select grouping by Category/Author/Title. You can also manage to install a “tab” plugin (i.e.: Tabby Responsive Tabs) and arrange each group on its specific tab.

Output grouped by Category will look like:

CAT1
    post1                       AUTHOR
    SUBCAT1
        post2                   AUTHOR
        post3                   AUTHOR
        SUBCAT2
            post4               AUTHOR
            ...
            ...

while in the “Author” grouping mode, it is:

AUTHOR1
  post1               [CATEGORY]
  post2               [CATEGORY]

AUTHOR2
  post1               [CATEGORY]
  post2               [CATEGORY]
.....

The plugin installs a new menu “ACT List Shortcodes” in Admin->Tools. The tool is a helper to automatically generate the required shortcode. It will parse the options and display the string to be copied and pasted into any page.

The Plugin is holding a GPL2 license and it can be downloaded from its page on WP Plugins.

wordpress-logo

 

OpenStack: a .deb guy on (the) board

 

The elections for the new OpenStack board are coming closer
and this time the Open Source community has a great
opportunity of representation: Giuseppe Paternò is standing as a candidate for the board.

Although Giuseppe is considered by HP and Forrester Research
among the top talented consultants in the world,
Gippa (as he’s largely known in the industry) is still “one of us”,
a “nerd” that grew up with a keyboard on his hands.
As he’s one of the candidates of the OpenStack board,
Fabio Marzocca – wishing to know more – has interviewed him.

[FM] The hard question. You’re a techie. Why the hell are you running for the board?

[GP] This is indeed a good question ☺ It all started as a challenge from some clients and friends that are working in the OpenStack project. The truth is that the board and most of the management of the foundation are from vendors. I’m not questioning here if they do a good job or not, it is very likely that they tend to protect their own interests. In my opinion it lacks some “community spirit” that have fostered Linux development such as Debian and Ubuntu. That’s why I’m running for it, to bring the community where it should be.

[FM] Back to Debian and Ubuntu, could you tell us your story with Linux?

[GP] I discovered Linux in 1994, but only in 1996 things were serious. By the time I just finished high school and I applied for a job in a local Internet Service Provider. At 15 years I was well known in the local community as I was installing and maintaining several BBSes, so it wasn’t hard to get the job. I can say it was love at first sight. I started with Slackware (was the first distro), but I moved into redhat first and then debian. When I was working for the IBM Linux Technology Center, I was in charge of helping porting Linux to PowerPC and backporting LVM to make it similar to AIX. Sun was also a good playground as they acquired Cobalt, a hardware appliance based on debian. Then I shifted more towards Enterprise Linux adoption with 6 years in RedHat and then I went to Canonical. I was happy to go back to Debian and Ubuntu community, because I still believe that Ubuntu Developer Summits (UDS) were the real spirit of a Linux community.

[FM] Another hard question. We know you’re somehow involved in the “rebellion” of Devuan.org. What is your opinion about systemd?

[GP] Let me tell you that it’s not totally black/white and let’s see the two sides here. Something like systemd was indeed needed. Each distro has its own way of init’ing the system and for a package maintainer or commercial software maker, maintaining different init behaviour is insane. And as an init replacement it totally makes sense. However, IMHO systemd went too far away, incorporating into its code something that should not happen. A DHCP client into an init system, seriously? I doubt it was in the spirit of the Unix and Linux system…
However, in the real world of “pets vs cattle”, where application matters more than systems, having a systemd as it is, doesn’t change that much.

[FM] OpenStack was incubated in Ubuntu and the roots are quite clear. Is there something else that you would like to see from Debian and Ubuntu in OpenStack?

[GP] Stability, if I can name just one. Currently OpenStack is released every 6 months, which was probably the best choice to speed up the development. However, this is now becoming a weakness, as enterprise customers can’t upgrade their critical infrastructures every 6 months. Traditionally Debian is “maniacally” focused on given a bullet-proof distribution, this is something that in my opinion is missing from OpenStack.

[FM] Gippa, tell us just 2 or 3 topics you will bring to action in case of election

[GP] I’d like to introduce an OpenStack “LTS” process, following the Ubuntu approach: while releasing every 6 months is fair enough for development and testing environments, having a stable release every 2-3 years can give enterprise customers the peace of mind they need while running production environments.
I’d also love to see a consolidation of the core (Nova/Neutron/Cinder/Swift): vendors and developers are introducing new features and projects while I’d love to see –for example- a more stable and scalable Neutron and a more stable connection to Oslo (in particular rabbitmq).
In general, I would encourage more attention to who is actually deploying, integrating and using OpenStack every day. I would also try to foster the ecosystem of ISVs in order to release and certify their software for OpenStack. And – last but not least- to see interoperation between “regional” datacenters: I dream of a world where companies in a given territory can “work together”, and this is only possible through standards. I hope that OpenStack can represent this standard.

[FM] When are the elections and how can we vote?

[GP] Individual Member Director elections for the 2016 Board will be held online from Monday January 11, 2016 to Friday January 15, 2016. More informations on the website.

Enterprise Innovation in a Transformative Society

 

Recent article by professors Karim Lakhani and Marco Iansiti on the Harvard Business Review, “Digital Ubiquity: How Connection, Sensors and Data are Revolutionizing Business”, gave me the opportunity for interesting insights and considerations.

Digital technology evolution and the development of modern “Internet of Things” devices are introducing huge transformative effects within social inter-relationships and its business models. These effects can not be ignored if we want to perceive – with the right clarity and meaning – the innovation process that inevitably comes with it.

The three fundamental properties of digital technology…

<Read More…>

Pallinux: Olly Olly Oxen Free!

 

Pallinux: Artwork by Fabio "Pixel" Colinelli

Pallinux: Artwork by Fabio “Pixel” Colinelli

In a world far away, in the dark Land of Digitos only populated by machines and computers, the evil Mister Woo was ruling over all. Over time, this terrible dictator was becoming a horrendous fire-eyed giant, walking the whole day by vibrating the heavy steps into his Kingdom, leaving behind him a trail of smoke and terror. Mr. Woo always wore a long, shabby and dirty top hat that had once been white, so old and ragged that he could not even keep it up straight on his head.

Throughout the Land of Digitos, the inhabitants – computers – were scattered, each…

<Read more…>

Creativity, Innovation and the “Included Middle” logic

The pressure of the post-modernism is establishing its bases on our general lack of ability to overcome a number of dualisms that have become ingrained in the modern way of thinking[1]. This is mainly due to the strong influence of past centuries’ scientific “Reductionism”, which postulated that any system – to be understood – had to be reduced to its minimum component elements.

However, a so defined system is a “closed” system, which does not interact with the surrounding environment and it can exist (not always) only in a reality-isolated laboratory. The logic of “Complexity”, instead, takes into account the “open” systems and all the interconnections and influences of the system itself with the world around it, in every physical, social, psychological and symbolic aspect…

<Read more…>

Big Data: ask the right questions

 

The Big Data phenomenon has reached a reality that is often baffling to the amount of information to be managed, and what for us today is called “Big” it will not be anymore in 5 years, from where it will be necessary to coin other terminologies and corresponding analysis technologies .

bigdata1.jpg

The scientific and technological world is thus in ferment in a general rush towards finding the most appropriate tools to get the answers to these extensive masses of data. Big Data represents a paradigm shift: from the Society of network and connection the approach is increasingly leaning towards information and database….

<Read more…>

How to have a successful OpenStack project

It’s no secret that OpenStack is becoming the de-facto standard for private cloud and a way for telecom operators to differentiate against big names such as Amazon or Google.
OpenStack has already been adopted in some specific projects, but the wide adoption in enterprises is starting now, mostly because people simply find it difficult to understand. VMWare is still something to compare to, but OpenStack and cloud is different. While cloud implies virtualization, virtualization is not cloud.

gpaterno_ebook_webCloud is a huge shift in your organization and will change forever your way of working in the IT projects, improving your IT dramatically and cutting down costs.

In order to get the best of OpenStack, you need to understand deeply how cloud works. Moreover, you need to understand the whole picture beyond the software itself to provide new levels of agility, flexibility, and cost savings in your business.

Giuseppe Paterno’, leading European consultant and recently awarded by HP, wrote OpenStack Explained to guide you through the OpenStack technology and reveal his secret ingredient to have a successful project. You can download the ebook for a small donation to provide emergency and reconstruction aid for Nepal. Your donation is certified by ZEWO , the Swiss federal agency that ensures that funds go to a real charity project.

… but hurry up, the ebook is in a limited edition and it ends on July 2015.

Donate & Download here: https://life-changer.helvetas.ch/openstack

Handling identities in distributed Linux cloud instances

I’ve many distributed Linux instances across several clouds, be them global, such as Amazon or Digital Ocean, or regional clouds such as TeutoStack or Enter.

Probably many of you are facing the same issue: having a consistent UNIX identity across all multiple instances. While in an ideal world LDAP would be a perfect choice, letting LDAP open to the wild Internet is not a great idea.

So, how to solve this issue, while being secure? The trick is to use the new NSS module for SecurePass.

While SecurePass has been traditionally used into the operating system just as a two factor authentication, the new beta release is capable of holding “extended attributes”, i.e. arbitrary information for each user profile.

We will use SecurePass to authenticate users and store Unix information with this new capability. In detail, we will:

  • Use PAM to authenticate the user via RADIUS
  • Use the new NSS module for SecurePass to have a consistent UID/GID/….

 SecurePass and extended attributes

The next generation of SecurePass (currently in beta) is capable of storing arbitrary data for each profile. This is called “Extended Attributes” (or xattrs) and -as you can imagine- is organized as key/value pair.

You will need the SecurePass tools to be able to modify users’ extended attributes. The new releases of Debian Jessie and Ubuntu Vivid Vervet have a package for it, just:

# apt-get install securepass-tools

ERRATA CORRIGE: securepass-tools hasn’t been uploaded to Debian yet, Alessio is working hard to make the package available in time for Jessie though.

For other distributions or previous releases, there’s a python package (PIP) available. Make sure that you have pycurl installed and then:

# pip install securepass-tools

While SecurePass tools allow local configuration file, we highly recommend for this tutorial to create a global /etc/securepass.conf, so that it will be useful for the NSS module. The configuration file looks like:

[default]
app_id = xxxxx
app_secret = xxxx
endpoint = https://beta.secure-pass.net/

Where app_id and app_secrets are valid API keys to access SecurePass beta.

Through the command line, we will be able to set UID, GID and all the required Unix attributes for each user:

# sp-user-xattrs user@domain.net set posixuid 1000

While posixuid is the bare minimum attribute to have a Unix login, the following attributes are valid:

  • posixuid → UID of the user
  • posixgid → GID of the user
  • posixhomedir → Home directory
  • posixshell → Desired shell
  • posixgecos → Gecos (defaults to username)

Install and Configure NSS SecurePass

In a similar way to the tools, Debian Jessie and Ubuntu Vivid Vervet have native package for SecurePass:

# apt-get install libnss-securepass

For previous releases of Debian and Ubuntu can still run the NSS module, as well as CentOS and RHEL. Download the sources from:

https://github.com/garlsecurity/nss_securepass

Then:

./configure
make
make install (Debian/Ubuntu Only)

For CentOS/RHEL/Fedora you will need to copy files in the right place:

/usr/bin/install -c -o root -g root libnss_sp.so.2 /usr/lib64/libnss_sp.so.2
ln -sf libnss_sp.so.2 /usr/lib64/libnss_sp.so

The /etc/securepass.conf configuration file should be extended to hold defaults for NSS by creating an [nss] section as follows:

[nss]
realm = company.net
default_gid = 100
default_home = "/home"
default_shell = "/bin/bash"

This will create defaults in case values other than posixuid are not being used. We need to configure the Name Service Switch (NSS) to use SecurePass. We will change the /etc/nsswitch.conf by adding “sp” to the passwd entry as follows:

$ grep sp /etc/nsswitch.conf
 passwd:     files sp

Double check that NSS is picking up our new SecurePass configuration by querying the passwd entries as follows:

$ getent passwd user
 user:x:1000:100:My User:/home/user:/bin/bash
$ id user
 uid=1000(user)  gid=100(users) groups=100(users)

Using this setup by itself wouldn’t allow users to login to a system because the password is missing. We will use SecurePass’ authentication to access the remote machine.

Configure PAM for SecurePass

On Debian/Ubuntu, install the RADIUS PAM module with:

# apt-get install libpam-radius-auth

If you are using CentOS or RHEL, you need to have the EPEL repository configured. In order to activate EPEL, follow the instructions on http://fedoraproject.org/wiki/EPEL

Be aware that this has not being tested with SE-Linux enabled (check off or permissive).

On CentOS/RHEL, install the RADIUS PAM module with:

# yum -y install pam_radius

Note: as per the time of writing, EPEL 7 is still in beta and does not contain the Radius PAM module. A request has been filed through RedHat’s Bugzilla to include this package also in EPEL 7

Configure SecurePass with your RADIUS device. We only need to set the public IP Address of the server, a fully qualified domain name (FQDN), and the secret password for the radius authentication. In case of the server being under NAT, specify the public IP address that will be translated into it. After completion we get a small recap of the already created device. For the sake of example, we use “secret” as our secret password.

Configure the RADIUS PAM module accordingly, i.e. open /etc/pam_radius.conf and add the following lines:

radius1.secure-pass.net secret 3
radius2.secure-pass.net secret 3

Of course the “secret” is the same we have set up on the SecurePass administration interface. Beyond this point we need to configure the PAM to correct manage the authentication.

In CentOS, open the configuration file /etc/pam.d/password-auth-ac; in Debian/Ubuntu open the /etc/pam.d/common-auth configuration and make sure that pam_radius_auth.so is in the list.

auth required   pam_env.so
auth sufficient pam_radius_auth.so try_first_pass
auth sufficient pam_unix.so nullok try_first_pass
auth requisite  pam_succeed_if.so uid >= 500 quiet
auth required   pam_deny.so

Conclusions

Handling many distributed Linux poses several challenges, from software updates to identity management and central logging.  In a cloud scenario, it is not always applicable to use traditional enterprise solutions, but new tools might become very handy.

To freely subscribe to securepass beta, join SecurePass on: http://www.secure-pass.net/open
And then send an e-mail to info@garl.ch requesting beta access.